# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: pterolnk, pterostew, pteroodd, pteroeffigy, pterographin

# Note: Continuation of /malware/apt_gamaredon.txt trail

# Reference: https://www.virustotal.com/gui/ip-address/168.100.10.184/relations

637753378561125274.mmrbjh5aksr8xcod3.moolin.ru
spcbkrndcwmwqoehn.gl1rqkipy7qgs5wn.moolin.ru
spcbkrndcwmwqoehn.mmrbjh5aksr8xcod3.moolin.ru
yegjatclcoyvxc.mmrbjh5aksr8xcod3.moolin.ru
zqm0ohac1uy.mmrbjh5aksr8xcod3.moolin.ru

# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.84/relations

1enm5ltozgs.jolotras.ru
637851914820617583.jolotras.ru
637854543329144226.jolotras.ru
637856208618736747.jolotras.ru
637856496966819649.jolotras.ru
637857210652488396.jolotras.ru
637857240727359534.jolotras.ru
637857424251842757.jolotras.ru
elg9dhikreg.jolotras.ru
hfkiicwlqwzm.jolotras.ru
hvq3vxvsers3.jolotras.ru
jukmdudxk095.jolotras.ru
oxdajw1v.metanat.ru
wzl4picb0ghkvwm5n.jolotras.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.232.150/relations

10decrepit.mexv.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.71/relations

kyamalgo.shop
13definite.kyamalgo.shop
67delay.kyamalgo.shop
redim39.bayramgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.22.55.231/relations

51declined.kyamalgo.shop
71deliver.kyamalgo.shop
asc27.kyanango.shop
each95.kyanango.shop
then59.kyanango.shop

# Reference: https://www.virustotal.com/gui/ip-address/164.92.117.117/relations

deliver.kyamalgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/139.180.186.210/relations

deliberate.kyamalgo.shop

# Reference: https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f22/19b0a96e-8c31-44bf-863e-cd3e0b651f22.pdf

http://157.245.75.124
http://185.163.45.5
http://195.189.96.64
http://84.32.131.61
/09.01_otck/quicker.rtf
/09.01_otck/

# Reference: https://twitter.com/malwrhunterteam/status/1622655333100359686
# Reference: https://www.virustotal.com/gui/file/3c6218f32fb724603c96fed99bc9880462f9dc3c420fac01acf9c921fb08b319/detection

http://45.8.98.186
/03.02/GU/deaf.DjVu

# Reference: https://twitter.com/oneinthewild/status/1622608702061568000
# Reference: https://twitter.com/oneinthewild/status/1622647861673353216

http://137.184.101.158
http://139.59.30.132
http://140.82.56.186
http://157.230.252.20
http://159.203.164.194
http://159.223.203.36
http://161.35.93.177
http://165.232.90.200
http://45.95.232.34
http://45.95.232.35
http://5.44.42.83
http://64.227.182.62

# Reference: https://twitter.com/ThreatBookLabs/status/1622555337470672897

artashd.xyz

# Reference: https://twitter.com/oneinthewild/status/1622845785627889667

http://134.122.60.67
http://139.59.209.145
http://140.82.47.181
http://146.190.117.209
http://157.230.15.82
http://64.227.113.173

# Reference: https://twitter.com/Cyber0verload/status/1622843745300357122
# Reference: https://twitter.com/Cyber0verload/status/1622843807493414915
# Reference: https://twitter.com/Cyber0verload/status/1622843862451462144
# Reference: https://twitter.com/Cyber0verload/status/1622843903123628045
# Reference: https://twitter.com/Cyber0verload/status/1622843941388255232

bahadurdi.ru
bahtiyardi.ru
balabekdi.ru
balakshidi.ru
balasst.ru
ballydi.ru
baloglandi.ru
balusa.ru
bamdaddi.ru
bashaardi.ru
davudho.ru
gachagdo.ru
gachaydo.ru
gadirdo.ru
gadzhido.ru
gahramando.ru
galibdo.ru
gamiddo.ru
gaplando.ru
garibdo.ru
gasando.ru
gashkaydo.ru
gasyrdo.ru
gayado.ru
gedimdo.ru
geydardo.ru
giyamdo.ru
giyasdo.ru
gochagdo.ru
goshgardo.ru
malawit.ru
maxmud.ru
noiyze.ru
poladx.ru
rascol.ru
tukals.ru
vahabgo.ru
valiullago.ru
vasifgo.ru
vasimgo.ru
vatango.ru
vazirgo.ru
veligo.ru
velihango.ru
vezirgo.ru
vidadigo.ru
vilayatgo.ru
vugargo.ru
vurgungo.ru
vusalgo.ru
vuvura.ru
xamala.ru
zaskol.ru

# Reference: https://www.virustotal.com/gui/file/602a970c272a4d6710a86792906ccad8e608115fcd46ed4740df7ec2c1b0cbe9/detection

http://45.8.98.144
/07.02/ss/sensation.DjVu

# Reference: https://twitter.com/StopMalvertisin/status/1622823002286206976
# Reference: https://www.virustotal.com/gui/file/1f034ea47fcd8ffa60de37ab3dfb4c7ca981d5830b6927320b4fa966066e4dca/detection

http://188.225.31.186
/06.02/mil/never.DjVu

# Reference: https://twitter.com/Cyber0verload/status/1623008687311708160
# Reference: https://www.virustotal.com/gui/ip-address/149.28.187.38/relations
# Reference: https://www.virustotal.com/gui/file/201d5f869a952a0ebf5b63c92adb3e1a767a90bf010f0065cbd1a16285d7e4d2/detection

glove38.gayado.ru
penny.glove38.gayado.ru

# Reference: https://www.virustotal.com/gui/ip-address/61.60.41.62/relations

mirzago.shop
validgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623052819350822913

http://104.248.208.144
http://128.199.42.98
http://139.180.131.10
http://146.190.150.34

# Reference: https://www.virustotal.com/gui/ip-address/170.64.154.39/relations

11delay.bamdaddi.ru
12departure.vatango.ru
13december.amasiyagi.ru
14departure.vatango.ru
16delivery.vatango.ru
16departure.vatango.ru
18departure.vatango.ru
1demonstration.artavazd.xyz
21delicate.artavazd.xyz
23depths.artavazd.xyz
26delivery.vatango.ru
26departure.vatango.ru
27departure.vatango.ru
28delicate.artavazd.xyz
28departure.vatango.ru
29delivery.vatango.ru
2departure.vatango.ru
30departure.vatango.ru
31delivery.vatango.ru
31demonstration.artavazd.xyz
31departure.vatango.ru
32delivery.vatango.ru
33degrade.bamdaddi.ru
35departure.vatango.ru
36delivery.vatango.ru
36departure.vatango.ru
36descendant.artavazd.xyz
37delivery.vatango.ru
38delivery.vatango.ru
39delicate.artavazd.xyz
39departure.vatango.ru
3demonstration.artavazd.xyz
42departure.vatango.ru
44dense.artavazd.xyz
44departure.vatango.ru
44depths.artavazd.xyz
46delicate.artavazd.xyz
46descendant.artavazd.xyz
47departure.vatango.ru
49departure.vatango.ru
54delivery.vatango.ru
59departure.vatango.ru
5delicate.artavazd.xyz
60departure.vatango.ru
61december.amasiyagi.ru
61delivery.vatango.ru
61descendant.artavazd.xyz
62depths.artavazd.xyz
63departure.vatango.ru
64departure.vatango.ru
64descendant.artavazd.xyz
65delivery.vatango.ru
66delivery.vatango.ru
67delivery.vatango.ru
67departure.vatango.ru
69delay.bamdaddi.ru
69delivery.vatango.ru
72departure.vatango.ru
74delivery.vatango.ru
74delusion.amasiyagi.ru
74depths.artavazd.xyz
75demonstration.artavazd.xyz
77defective.amasiyagi.ru
78departure.vatango.ru
79delivery.vatango.ru
7delivery.vatango.ru
80departure.vatango.ru
84defective.amasiyagi.ru
84delivery.vatango.ru
85delivery.vatango.ru
85departure.vatango.ru
86delay.bamdaddi.ru
86delivery.vatango.ru
87departure.vatango.ru
88delivery.vatango.ru
88departure.vatango.ru
88descendant.artavazd.xyz
89december.amasiyagi.ru
89delivery.vatango.ru
90departure.vatango.ru
91delivery.vatango.ru
93depths.artavazd.xyz
94delivery.vatango.ru
94departure.vatango.ru
95departure.vatango.ru
96demonstration.artavazd.xyz
97delivery.vatango.ru
97departure.vatango.ru
98delay.bamdaddi.ru
98delivery.vatango.ru
99departure.vatango.ru
9delivery.vatango.ru
9demonstration.artavazd.xyz
chr38.balabekdi.ru
close25.balabekdi.ru
getfile69.artashd.xyz
lapwork.akinot.ru
loop14.balabekdi.ru
loop56.balabekdi.ru
penobscot.soputh.ru
pigbelly.ulitron.ru
redim100.mansurgo.ru
slitter.billyhot.ru
to36.artashd.xyz
type57.mansurgo.ru
type59.mansurgo.ru
type72.mansurgo.ru
type91.mansurgo.ru
ucayale.bismutumo.ru
unapparent.bismutumo.ru
unconservative.dedspac.ru
while2.balabekdi.ru
wscript30.mansurgo.ru
wscript61.mansurgo.ru
wscript68.mansurgo.ru
wscript77.mansurgo.ru

# Reference: https://twitter.com/oneinthewild/status/1623328456967696384

http://134.209.197.124
http://134.209.33.42
http://146.190.38.123
http://188.166.220.176
http://31.129.22.25
http://45.82.13.22

# Reference: https://twitter.com/Cyber0verload/status/1623417388556328964
# Reference: https://twitter.com/Cyber0verload/status/1623417462992818176

auxza.ru
barabux.ru
dadashho.ru
daniyarho.ru
danizho.ru
dashgynrho.ru
deyanetho.ru
dilaverho.ru
dostaliho.ru
dovlatho.ru
dzharasatho.ru
dzhavadho.ru
erfanho.ru
gapolsa.ru
ruxanu.ru

# Reference: https://twitter.com/oneinthewild/status/1623422557096493062

http://137.184.189.215
http://165.232.90.224
http://178.128.127.134
http://178.128.64.143
http://84.32.34.69

# Reference: https://twitter.com/oneinthewild/status/1623559225497763840

http://146.190.140.96
http://146.190.60.230
http://158.247.212.220
http://165.232.78.69
http://45.82.13.23
http://45.82.13.32

# Reference: https://twitter.com/Cyber0verload/status/1623665580296269825

pldbr.com
zafirgo.online

# Reference: https://twitter.com/oneinthewild/status/1623729517058576386

http://138.68.48.251
http://146.190.150.240
http://157.245.56.218
http://207.148.108.196
http://209.250.235.75
http://84.32.188.171

# Reference: https://twitter.com/StopMalvertisin/status/1623941786665365505
# Reference: https://www.virustotal.com/gui/file/220764c59224630d91caeadfbbaadd25b3f06e69e33dc5cbf3541c288fc2455a/detection
# Reference: https://www.virustotal.com/gui/file/884d0b2753927bad6a57c3191ca5def96b2006ffe5d5924726b1f6d1aefb4bb6/detection

http://81.200.154.192
/08.02/mils/guidance.dll
/08.02/mils/preliminary.dll

# Reference: https://twitter.com/oneinthewild/status/1623941722077286401

http://143.110.166.19
http://159.89.44.189
http://165.232.73.240
http://195.133.88.27
http://206.189.2.10
http://68.183.106.61

# Reference: https://twitter.com/StopMalvertisin/status/1624040846785134592
# Reference: https://www.virustotal.com/gui/ip-address/158.247.194.46/relations
# Reference: https://www.virustotal.com/gui/file/f46bf2a1b8a6d333b73c355ee463d4dc6c55ef66bb99c2717e3a211d49b4c07d/detection

dzheyhunho.ru
soul70.dzheyhunho.ru
neck.soul70.dzheyhunho.ru
wwww.dzheyhunho.ru
wwww.soul70.dzheyhunho.ru
wwww.neck.soul70.dzheyhunho.ru
/USER-/perfectly/perfectly/beyond/perfectly/perfectly.png
/USER-/perfectly/perfectly/beyond/perfectly/
/USER-/perfectly/perfectly/beyond/
/USER-/perfectly/perfectly/
/USER-/perfectly/

# Reference: https://twitter.com/oneinthewild/status/1624037169592508416

http://158.247.194.46
http://165.22.188.144
http://5.44.42.63
http://5.44.42.81
http://64.225.79.177
http://64.227.77.123

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.42/relations

http://81.19.140.42
71.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/66.42.55.53/relations

1386276378.ganara.ru
1431715375.pafamar.ru

# Reference: https://www.virustotal.com/gui/ip-address/108.61.192.203/relations

42358526.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/155.138.141.211/relations

870017326.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.190.250/relations

1204209173.hakold.ru
1440993535.pafamar.ru
1748457329.pafamar.ru
181510461.pafamar.ru
2055427177.pafamar.ru
683969564.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/178.128.119.199/relations

1043550017.wicksl.ru
1057389483.wicksl.ru
1104029195.boraza.ru
1176266654.wicksl.ru
1224898390.wicksl.ru
1264400207.boradi.ru
1265796603.harasm.ru
1382969500.wicksl.ru
1434877464.wicksl.ru
1499231909.wicksl.ru
1526078706.wicksl.ru
1687888889.boradi.ru
1969771041.wicksl.ru
2039560734.wicksl.ru
346592704.wicksl.ru
399300951.lopasts.ru
419154341.wicksl.ru
55771717.wicksl.ru
583021842.wicksl.ru
599985847.wicksl.ru
675210863.lopasts.ru
6824204.wicksl.ru
691364703.wicksl.ru
692072180.wicksl.ru
701012767.pafamar.ru
748245639.boraza.ru
764978826.boradi.ru
875836479.wicksl.ru
894351309.wicksl.ru
930865769.wicksl.ru
956509908.wicksl.ru
login.kifales.ru
mail.kacep.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.76.254.179/relations

71deployment.rhodiumo.ru
deliberate.lotorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.67.71.65/relations

depth.deliberate.lotorgas.ru

# Reference: https://twitter.com/peterkruse/status/1625042214920286209
# Reference: https://www.virustotal.com/gui/ip-address/211.231.29.180/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.196.191.5/relations

erfango.ru
zafirgo.ru
zahidgo.ru
zakirgo.ru
zamango.ru
ziyafatgo.ru
gk.zamango.ru
ns.zamango.ru
ot.zamango.ru
xu.zamango.ru

# Reference: https://twitter.com/StopMalvertisin/status/1625031614983188482
# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.190/relations
# Reference: https://www.virustotal.com/gui/file/c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8/detection

interbase11.zakirgo.ru
interbase6.zakirgo.ru
interbase9.zakirgo.ru
interbase96.zakirgo.ru
goat.interbase6.zakirgo.ru
goat.interbase11.zakirgo.ru
goat.interbase9.zakirgo.ru
goat.interbase96.zakirgo.ru
wwww.goat.interbase11.zakirgo.ru
wwww.interbase11.zakirgo.ru
wwww.zakirgo.ru

# Reference: https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian-organizations-173427d4339b

141.8.192.151:4000
141.8.197.42:4000
a0728173.xsph.ru
f0559838.xsph.ru

# Reference: https://www.virustotal.com/gui/ip-address/19.138.242.170/relations

damirho.ru

# Reference: https://twitter.com/peterkruse/status/1626458999267663872

dzhavidho.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.189.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.128.127.134/relations

12deploy.valiullago.ru
27degrade.valiullago.ru
28delighted.dzhavidho.ru
2dependent.valiullago.ru
36delighted.dzhavidho.ru
41depart.valiullago.ru
41departure.valiullago.ru
45delighted.dzhavidho.ru
50delighted.dzhavidho.ru
52delighted.dzhavidho.ru
53defeated.valiullago.ru
53departure.valiullago.ru
54deprive.valiullago.ru
63delete.valiullago.ru
66delighted.dzhavidho.ru
69delicacy.vatango.ru
71departure.valiullago.ru
72demonstration.valiullago.ru
77dense.vatango.ru
81dependent.valiullago.ru
85delighted.dzhavidho.ru
91depth.valiullago.ru
99dependant.vatango.ru
all70.gochagdo.ru
all76.gochagdo.ru
altitude46.ibragimo.ru
altitude47.logmango.ru
amiable74.andranikgi.ru
amiable78.andranikgi.ru
bible49.gachagdo.ru
bible50.gachagdo.ru
bicycle.council67.garibdo.ru
billion23.vasifgo.ru
clamour.altitude47.logmango.ru
clap3.vasifgo.ru
clap70.vasifgo.ru
council67.garibdo.ru
count26.vasifgo.ru
count41.vasifgo.ru
count56.vasifgo.ru
createobject83.gedimdo.ru
dim99.vurgungo.ru
elephantidae.akinot.ru
encyclopedia10.amayakgi.ru
endurance30.gaplando.ru
energy80.gayado.ru
faithfully.all70.gochagdo.ru
faithfully.all76.gochagdo.ru
false28.gayado.ru
false53.gayado.ru
false8.gayado.ru
false81.gayado.ru
false92.gayado.ru
false95.gayado.ru
fileexists28.vidadigo.ru
for79.vurgungo.ru
function74.gedimdo.ru
glow.need94.gadzhido.ru
glow33.masudgo.shop
glow80.masudgo.shop
god79.galibdo.ru
integral.low19.gayado.ru
intellectual.altitude46.ibragimo.ru
intelligence34.gayado.ru
intelligence56.gayado.ru
interdependent.energy80.gayado.ru
interference.shone10.ibragimo.ru
interference.shone100.ibragimo.ru
interference.shone32.ibragimo.ru
interference.shone33.ibragimo.ru
interference.shone40.ibragimo.ru
interference.shone43.ibragimo.ru
interference.shone45.ibragimo.ru
interference.shone6.ibragimo.ru
interference.shone67.ibragimo.ru
interference.shone71.ibragimo.ru
interference.shone85.ibragimo.ru
interference.shone9.ibragimo.ru
interference.shone92.ibragimo.ru
interference.shone93.ibragimo.ru
low19.gayado.ru
lowered94.andranikgi.ru
necklace.stooped100.ziyafat.ru
necklace.stooped16.ziyafat.ru
necklace.stooped22.ziyafat.ru
necklace.stooped23.ziyafat.ru
necklace.stooped4.ziyafat.ru
necklace.stooped7.ziyafat.ru
nectareous.bernadetti.ru
ned.bible49.gachagdo.ru
ned.bible50.gachagdo.ru
need94.gadzhido.ru
penny.glove38.gayado.ru
performance.stopper23.gochagdo.ru
perfume6.veligo.ru
pressure.false28.gayado.ru
pressure.false53.gayado.ru
pressure.false8.gayado.ru
pressure.false81.gayado.ru
pressure.false92.gayado.ru
pressure.false95.gayado.ru
priceless.intelligence34.gayado.ru
priceless.intelligence56.gayado.ru
regions72.vasifgo.ru
salary.sorry54.gahramando.ru
salvation.god79.galibdo.ru
sample.glow33.masudgo.shop
sample.glow80.masudgo.shop
savetofile97.vidadigo.ru
setrequestheader39.vidadigo.ru
shone10.ibragimo.ru
shone100.ibragimo.ru
shone32.ibragimo.ru
shone33.ibragimo.ru
shone40.ibragimo.ru
shone43.ibragimo.ru
shone45.ibragimo.ru
shone6.ibragimo.ru
shone67.ibragimo.ru
shone71.ibragimo.ru
shone85.ibragimo.ru
shone9.ibragimo.ru
shone92.ibragimo.ru
shone93.ibragimo.ru
sleep65.mansurgo.ru
sleep78.mansurgo.ru
sorry54.gahramando.ru
stooped100.ziyafat.ru
stooped16.ziyafat.ru
stooped22.ziyafat.ru
stooped23.ziyafat.ru
stooped4.ziyafat.ru
stooped7.ziyafat.ru
stopper23.gochagdo.ru
then89.vurgungo.ru
to50.gedimdo.ru
umbrose.soputh.ru
until18.gedimdo.ru
until23.gedimdo.ru
visible44.vurgungo.ru
wscript73.mansurgo.ru
wscript98.mansurgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.79/relations

allow37.bahtiyardi.ru

# Reference: https://twitter.com/h2jazi/status/1628061981260320779

http://94.198.220.136

# Reference: https://www.virustotal.com/gui/ip-address/165.22.196.38/relations

altitude84.ibragimo.ru
altitude92.ibragimo.ru
ambiguous.could4.akpar.ru
ambition.prick55.ibragimo.ru
beverley95.ambarcumgi.ru
could4.akpar.ru
countless.endure5.ibragimo.ru
endure5.ibragimo.ru
enemies32.mamnungo.ru
fame.relate94.logmango.ru
gloves.enemies32.mamnungo.ru
goal51.ambarcumgi.ru
intellectual.altitude84.ibragimo.ru
intellectual.altitude92.ibragimo.ru
lovers.stops50.mehmango.shop
lucius.pride60.ibragimo.ru
lucius.pride63.ibragimo.ru
navy.shoe19.avvadbi.ru
needle54.avvadbi.ru
price8.ambarcumgi.ru
prick55.ibragimo.ru
prickly33.koroglugo.shop
pride60.ibragimo.ru
pride63.ibragimo.ru
princess.needle54.avvadbi.ru
relate94.logmango.ru
shoe19.avvadbi.ru
stops50.mehmango.shop

# Reference: https://www.virustotal.com/gui/ip-address/84.32.248.148/relations

primary40.agvanbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628673516177596417
# Reference: https://www.virustotal.com/gui/ip-address/208.33.106.251/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.68/relations

balabac.ru
idrakbi.ru
kainatbi.ru
logmando.ru
lyutfido.ru
malikdo.ru
manafdo.ru
mansurdo.ru
mazhddo.ru
nbwfq.ru
teftons.ru
zardushtgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1628683582649638913

bajax.ru
ibadbi.ru
ibragimbi.ru
ihsanbi.ru
ihtiyarbi.ru
ikrimabi.ru
ilchinbi.ru
ilkinbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1628689600959979522
# Reference: https://twitter.com/Cyber0verload/status/1628689657079685120

ilmazbi.ru
inalbi.ru
intigambi.ru
iskanderbi.ru
kamranbi.ru
kamshadbi.ru
karimbi.ru
kasymbi.ru
kirmanbi.ru
komekbi.ru
lachindo.ru
madzhiddo.ru
maksuddo.ru
mamduhdo.ru
naturac.ru
paramants.ru
quados.ru
yylmazbi.ru
zaydgo.ru
zohrabgo.ru
zyakigo.ru

# Reference: https://twitter.com/malPileDiver/status/1628893586308710402
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

muayidpo.ru
mubarizpo.ru
munzirpo.ru
muvafakpo.ru

# Reference: https://twitter.com/malPileDiver/status/1629184400163237889
# Reference: https://www.virustotal.com/gui/ip-address/23.191.178.238/relations

murtuzpo.ru
navidgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1629213253703180289

funimine.ru

# Reference: https://twitter.com/malPileDiver/status/1629511889427259394
# Reference: https://www.virustotal.com/gui/ip-address/15.232.123.105/relations

baclanas.ru
baralif.ru
dzhabrailho.ru
jofar.ru
vafikgo.ru
vahidgo.ru

# Reference: https://twitter.com/malPileDiver/status/1630288768484687875

muazpo.ru
muntasirpo.ru
murtuzago.ru
trwzwq.ru

# Reference: https://twitter.com/Cyber0verload/status/1630312277332115456
# Reference: https://www.virustotal.com/gui/ip-address/170.64.146.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/174.236.130.129/relations
# Reference: https://www.virustotal.com/gui/ip-address/39.202.20.197/relations

fanatas.site
mirzapo.ru
mohsenpo.ru
muhtadigo.ru
murtadipo.ru
muslimgo.ru
mutazgo.ru
nadzhigo.ru
getfile71.mirzapo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.46/relations

interference27.ambarcumgi.ru
pepper12.veligo.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.131.188/relations

openastextstream71.muhtadigo.ru

# Reference: https://twitter.com/Cyber0verload/status/1630548770675998721
# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.153/relations
# Reference: https://www.virustotal.com/gui/file/e7985ef38485466debc941a747f47739f014d5b43be2100b45535fa8364ff48b/detection

goat11.gochagdo.ru
prevail35.miltras.ru
ambiguous.goat11.gochagdo.ru
endanger.prevail35.miltras.ru
/OHORONAPRAVLYUD/amongst.ma

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.122/relations

30declared.geydardo.ru
31declared.geydardo.ru
ambiguous11.gahramando.ru
classic49.gayado.ru
decisive.hungzo.ru
energy70.gochagdo.ru
fileexists42.dovlatho.ru
fileexists92.dovlatho.ru
function66.dovlatho.ru
sounding32.gayado.ru
endlessly.ambiguous11.gahramando.ru
perfection.sounding32.gayado.ru
print.energy70.gochagdo.ru
rehearsal.classic49.gayado.ru

# Reference: https://twitter.com/malPileDiver/status/1630612030121033741

muhtargo.ru

# Reference: https://twitter.com/malPileDiver/status/1630961827860414467
# Reference: https://www.virustotal.com/gui/ip-address/65.163.236.87/relations

goodide.ru
kuycon.shop
medyn.shop
naasimgo.ru
nrtdsz.ru

# Reference: https://twitter.com/malPileDiver/status/1631370220471197696

asdcq.ru
ervcxq.ru
novruzpi.ru
nurlanpi.ru
omeyrpi.ru
omranpi.ru
osmanpi.ru
tukalaf.ru

# Reference: https://twitter.com/h2jazi/status/1631389446640640192
# Reference: https://www.virustotal.com/gui/file/ce16cbefe48f83bef0ef4f708a82b98ab9862d161d9ea2147b58605681dd8318/detection

http://81.200.156.77

# Reference: https://twitter.com/h2jazi/status/1631720818546991105
# Reference: https://www.virustotal.com/gui/file/f56e11c2a8bbfeb7f5eab1b47ee150865e358a6db9f7bb9142e3ae13570418ab/detection

http://128.199.99.145
http://89.185.84.85
2deserved.komekbi.ru
26deserved.komekbi.ru
28deserved.komekbi.ru
/snfer51/index.html
/snstance2/index.html
/snstance51/index.html

# Reference: https://twitter.com/h2jazi/status/1631720820010516481
# Reference: https://www.virustotal.com/gui/file/57b73d822558f142b73b0d52f3cca2e8c3124728b3abbe24785d1888f4f8fd7a/detection

http://143.110.176.60
http://158.247.192.235
http://164.92.211.243
/snterposed63/index.html
/snhabitant77/index.html
/snherent77/index.html

# Reference: https://twitter.com/h2jazi/status/1631723163603148804
# Reference: https://www.virustotal.com/gui/ip-address/140.82.50.201/relations
# Reference: https://www.virustotal.com/gui/file/39f30dff6e397c0c1a11e2cd3bb8f840c93627ceb0ee75fe00df2aa482d83295/detection

http://149.248.2.160
http://5.44.42.84
13description.mubarizpo.ru
52description.mubarizpo.ru
60description.mubarizpo.ru
71description.mubarizpo.ru
/srresistible13/index.html
/srresistible27/index.html
/srresistible52/index.html
/srresistible94/index.html

# Reference: https://www.virustotal.com/gui/ip-address/5.199.173.245/relations

35.kasymbi.ru
55dedicate.mardango.ru
deceived100.burhan.shop
openastextstream17.kasymbi.ru
openastextstream79.kasymbi.ru
openastextstream98.kasymbi.ru
stream35.kasymbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.191.212/relations

100degree.daglarho.ru
do5.vidadigo.ru
do8.vidadigo.ru
function60.dovlatho.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.85/relations

nearby15.ibragimo.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.35/relations

71deserved.komekbi.ru
relate54.logmango.ru
fame.relate54.logmango.ru
prickly99.koroglugo.shop

# Reference: https://twitter.com/malPileDiver/status/1631733362460164105

nureddinpi.ru
nurgyunpi.ru
osmanpi.ru

# Reference: https://twitter.com/malPileDiver/status/1632117910746415105
# Reference: https://www.virustotal.com/gui/ip-address/217.38.66.205/relations

naturap.ru
peymanpo.ru
rabahpo.ru
ragibpo.ru
vannos.ru

# Reference: https://twitter.com/malPileDiver/status/1632447537767501826

osmanpo.ru
payampo.ru

# Reference: https://twitter.com/Cyber0verload/status/1632479604945428484

muhsingo.ru
myuridgo.ru
ogtaypi.ru
orduhanpi.ru

# Reference: https://twitter.com/malPileDiver/status/1632812089650675713

omeyrpo.ru
pudzhmanpo.ru
punhanpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1633122380171051009
# Reference: https://www.virustotal.com/gui/ip-address/45.80.128.87/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.157/relations
# Reference: https://www.virustotal.com/gui/file/9f01c93e9756bac770f8e9b1186fb3af2b0a61654d0a151c18a75f2d1f9ef06b/detection

ambiguous35.azzamsa.ru
openastextstream46.kasymbi.ru
could.ambiguous35.azzamsa.ru

# Reference: https://twitter.com/malPileDiver/status/1633178137914646529

golowa.ru
ragifla.ru
rasimla.ru
ratibla.ru
rieturs.ru

# Reference: https://twitter.com/Cyber0verload/status/1633534875595595777
# Reference: https://www.virustotal.com/gui/ip-address/181.202.232.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.12.148/relations

omranpo.ru
orduhanpo.ru
fileexists71.omranpo.ru

# Reference: https://twitter.com/malPileDiver/status/1633858760992071683
# Reference: https://www.virustotal.com/gui/ip-address/103.152.63.89/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.225.171.152/relations

golovaq.ru
lafata.ru
ramalla.ru
ramizla.ru
aaa.ramizla.ru
1094098050.lafata.ru
1961692646.golovaq.ru
35destitute.ramalla.ru
638154522.golovaq.ru
expandenvironmentstrings58.ramizla.ru
expandenvironmentstrings8.ramizla.ru
loop21.ramizla.ru
loop71.ramizla.ru
loop75.ramizla.ru
mid49.ramizla.ru
mid58.ramizla.ru
mid71.ramizla.ru
until64.ramizla.ru
xor37.ramizla.ru

# Reference: https://app.validin.com/axon?find=31.129.22.48

aristakes.xyz
arutyund.xyz
kirmango.shop
mahirgo.shop
muayidgo.shop
muvafakgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/137.184.2.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.227.48.39/relations

eval71.autometrics.pro
mid71.autometrics.pro
responsebody71.autometrics.pro
run71.aristakes.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.84/relations

42delight.daglarho.ru
63defined.daglarho.ru
86demonstration.daglarho.ru
deletefile53.dzhafarho.ru
delight20.basamdi.ru
deliver66.basamdi.ru
deny18.basamdi.ru
designed79.basamdi.ru
destroy23.basamdi.ru
destroy55.basamdi.ru
destroy92.basamdi.ru
enemy38.valefgo.ru
loop62.dzhafarho.ru
read74.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/164.90.238.95/relations

71.autometrics.pro
for54.mahirgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/146.190.152.16/relations

visible175.autometrics.pro
xor71.autometrics.pro

# Reference: https://www.virustotal.com/gui/ip-address/164.90.208.183/relations

71deliver.muhtargo.ru
82deliver.muhtargo.ru
anbiguous.goat11.gochagdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.68/relations

52deliver.muhtargo.ru
97deliver.muhtargo.ru
counsel81.navidgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.54/relations

vagifgo.ru
100departed.daglarho.ru
15departed.daglarho.ru
17.deduction.pikh.ru
17desirable.daglarho.ru
17desire.intigambi.ru
19departed.daglarho.ru
19descent.mexv.ru
1deluge.intigambi.ru
22deck.daglarho.ru
42delusion.daglarho.ru
43departed.daglarho.ru
48demonstration.daglarho.ru
50desirable.daglarho.ru
6delight.daglarho.ru
71departed.daglarho.ru
79desirable.daglarho.ru
82descendant.daglarho.ru
95demonstration.daglarho.ru
98delusion.daglarho.ru
9departed.daglarho.ru
decisive1.basamdi.ru
declare16.basamdi.ru
deduction.pikh.ru
defeat42.basamdi.ru
defeat56.basamdi.ru
defeat72.basamdi.ru
delete59.basamdi.ru
delete67.basamdi.ru
deletefile92.dzhafarho.ru
delight94.basamdi.ru
deliver10.basamdi.ru
deliver34.basamdi.ru
desert19.basamdi.ru
designed56.basamdi.ru
designed71.basamdi.ru
designed80.basamdi.ru
destroy16.basamdi.ru
destroy54.basamdi.ru
ended100.zyakigo.ru
enemy19.valefgo.ru
fairy30.detroito.ru
fileexists71.vadzhih.shop
goat100.detroito.ru
goat6.valefgo.ru
if44.dzhafarho.ru
intelligence17.valefgo.ru
loop3.dzhafarho.ru
loop5.dzhafarho.ru
loop77.dzhafarho.ru
navigation.ended100.zyakigo.ru
prior66.manafdo.ru
to10.dzhafarho.ru
to22.dzhafarho.ru
to33.dzhafarho.ru
to35.dzhafarho.ru
to44.dzhafarho.ru
to66.dzhafarho.ru
to78.dzhafarho.ru
to79.dzhafarho.ru
to85.dzhafarho.ru
to92.dzhafarho.ru
to94.dzhafarho.ru
to98.dzhafarho.ru

# Reference: https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-cyber-warfare-against-ukraine/

http://162.33.178.129
ambiguous.azzamsa.ru
cloud.ambiguous.azzamsa.ru

# Reference: https://twitter.com/malPileDiver/status/1635713029261099022

balatu.ru
gokols.ru
paratai.ru

# Reference: https://twitter.com/malPileDiver/status/1636041827441688576

barakal.ru
ravaet.ru
takyygi.ru
talehgi.ru
talgatgi.ru
taysirgi.ru

# Reference: https://twitter.com/malPileDiver/status/1636432010787864580

homovos.ru
rakinla.ru
raulla.ru
taahirgi.ru

# Reference: https://www.virustotal.com/gui/ip-address/64.226.84.229/relations

100desirable.daglarho.ru
23delusion.daglarho.ru
23demonstration.daglarho.ru
24deck.daglarho.ru
24desirable.daglarho.ru
26departed.daglarho.ru
30demand.intigambi.ru
31detachment.intigambi.ru
33degrade.intigambi.ru
34define.intigambi.ru
36delusion.daglarho.ru
38deity.intigambi.ru
45demonstration.daglarho.ru
5deck.daglarho.ru
60delight.daglarho.ru
7demonstration.daglarho.ru
92delusion.daglarho.ru
ambiguouos.azzamsa.ru
cloud.ambiguouos.azzamsa.ru
createobject33.dzhafarho.ru
defeat13.basamdi.ru
defeat31.basamdi.ru
delight18.basamdi.ru
deliver35.basamdi.ru
descended55.basamdi.ru
designed13.basamdi.ru
designed51.basamdi.ru
designed6.basamdi.ru
destroy52.basamdi.ru
destroy91.basamdi.ru
fairy75.valefgo.ru
loop30.dzhafarho.ru
loop44.dzhafarho.ru
loop78.dzhafarho.ru
sleep97.dzhafarho.ru
stoop33.valefgo.ru
to25.dzhafarho.ru
to81.dzhafarho.ru

# Reference: https://twitter.com/malPileDiver/status/1636806289773989888

raminla.ru

# Reference: https://www.virustotal.com/gui/domain/dzhafarho.ru/relations

each38.dzhafarho.ru
each7.dzhafarho.ru
getfile68.dzhafarho.ru
loop1.dzhafarho.ru
loop49.dzhafarho.ru
loop64.dzhafarho.ru
loop71.dzhafarho.ru
loop76.dzhafarho.ru
loop85.dzhafarho.ru
properties_76.dzhafarho.ru
to1.dzhafarho.ru
to100.dzhafarho.ru
to11.dzhafarho.ru
to2.dzhafarho.ru
to37.dzhafarho.ru
to38.dzhafarho.ru
to43.dzhafarho.ru
to57.dzhafarho.ru
to64.dzhafarho.ru
to72.dzhafarho.ru
to74.dzhafarho.ru
to8.dzhafarho.ru
to83.dzhafarho.ru
to99.dzhafarho.ru
visible31.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/161.35.118.86/relations

chr88.artashd.xyz

# Reference: https://twitter.com/malPileDiver/status/1637202283292131330

baralap.ru
gojoxa.ru
makasd.ru
rasulla.ru

# Reference: https://twitter.com/malPileDiver/status/1638596457979682832

raidla.ru
rufatpo.ru
ruzipo.ru
saadipo.ru
sabirpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1638985769628090368
# Reference: https://www.virustotal.com/gui/ip-address/255.181.142.5/relations

http://81.200.155.124
royalpo.ru
sabitpo.ru
asc71.sabitpo.ru
deletefile71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.80.128.72/relations

71destruction.clipperso.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.52/relations

71deceive.clipperso.ru
alone63.detroito.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.80/relations

asc71.sabitpo.ru
deletefile71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.69.7.171/relations

getobject71.sabitpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.63.122.179/relations

77defect.mansurdo.ru
prey2.bishoten.ru
presumably.prey2.bishoten.ru

# Reference: https://twitter.com/Cyber0verload/status/1640378988555018245

baoris.ru
caramelas.ru
cumbersome.ru
heartbreaking.ru
highfalutin.ru
narama.ru
narutasx.ru
parsimonious.ru
quizzical.ru
vohod.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.132.3/relations

dim71.heartbreaking.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.6.77/relations

dim100.heartbreaking.ru
dim53.heartbreaking.ru
dim54.heartbreaking.ru
dim61.heartbreaking.ru
dim86.heartbreaking.ru
run3.heartbreaking.ru
run63.heartbreaking.ru
run98.heartbreaking.ru

# Reference: https://twitter.com/malPileDiver/status/1640431005973479428

hueglotiki.ru
lamentable.ru
ruslanpo.ru
rustampo.ru
sabihpo.ru
savalanpo.ru
tightfisted.ru
unsuitable.ru

# Reference: https://twitter.com/Cyber0verload/status/1641096737694547970
# Reference: https://www.virustotal.com/gui/file/cb0dedfe45e2815974984b5e2ac6cdfd9d63bcc707ff1ed5ad95c919497b5efb/detection

gleaming8.battleras.ru
same.gleaming8.battleras.ru

# Reference: https://twitter.com/suyog41/status/1641434640375513090
# Reference: https://www.virustotal.com/gui/file/78323880df7324a3e614c8d4c8057deb002959ff65d4fa8cf49a9fb7a738f441/detection

/call/network/22.03/guide.jpeg
/call/network/22.03/

# Reference: https://twitter.com/Cyber0verload/status/1641811233820102657

hctntmc.ru
vesterac.ru

# Reference: https://twitter.com/malPileDiver/status/1642289458530725891

agonizing.ru
materialistic.ru
stereotyped.ru

# Reference: https://twitter.com/malPileDiver/status/1642610928842670080

haramq.ru
jafata.ru
krtkrt.ru
varials.ru
capricious.ru
glistening.ru
overjoyed.ru
statuesque.ru
undesirable.ru

# Reference: https://twitter.com/malPileDiver/status/1642953669309079552

aydynpo.ru
disagreeable.ru
earsplitting.ru

# Reference: https://twitter.com/malPileDiver/status/1643388727962501122

agakiypo.ru
agastanpo.ru
baharas.ru
lefant.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.56/relations

0wlxbqv4pfbm.celticso.ru
hatwwkhoysku.celticso.ru
hdllmmsubbky.celticso.ru
irykcfezcgsh.celticso.ru
qralfxig6mlr.celticso.ru
unpqaq3qraqo.celticso.ru
vnzsc903fhll.celticso.ru

# Reference: https://twitter.com/malPileDiver/status/1643683264786309147

altamishpo.ru
aychobanpo.ru
aykutpo.ru
ayzakpo.ru

# Reference: https://twitter.com/malPileDiver/status/1644013583871737856

aktanpo.ru
aydoganpo.ru
aytashpo.ru
aytyurkpo.ru
nalogw.ru

# Reference: https://twitter.com/h2jazi/status/1644384355509477377
# Reference: https://www.virustotal.com/gui/ip-address/165.232.125.213/relations
# Reference: https://www.virustotal.com/gui/file/c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30/detection
# Reference: https://www.virustotal.com/gui/file/5926f707d51268721fef89c0218cfe0034da08503efefb95d00ed6c7a62684e6/detection

37delicate.ramalla.ru
71delicate.ramalla.ru
clamp46.bashaardi.ru
expandenvironmentstrings71.ramizla.ru
lucius80.lamentable.ru
fake.clamp46.bashaardi.ru

# Reference: https://twitter.com/malPileDiver/status/1644445710761205762

adempo.ru
agasypo.ru
ayrympo.ru
uranic.ru

# Reference: https://twitter.com/Cyber0verload/status/1644688600833851393
# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.99/relations

disillusioned.ru
superficial.ru
big59.superficial.ru
responsebody71.disillusioned.ru
send71.disillusioned.ru

# Reference: https://twitter.com/Cyber0verload/status/1645769331500802049
# Reference: https://www.virustotal.com/gui/ip-address/104.156.231.44/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.226.94.136/relations
# Reference: https://www.virustotal.com/gui/file/284803a0435ea310b028092934783a9b71d6ea67e46c115d6b4a43d3ca955ce7/detection

http://64.226.94.136
21desire.aytashpo.ru
32desire.aytashpo.ru
68desire.aytashpo.ru
71degrade.aytashpo.ru
71desire.aytashpo.ru
75desire.aytashpo.ru
78desire.aytashpo.ru
85desire.aytashpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.81/relations

intense60.dilaverho.ru
lover.intense60.dilaverho.ru
lower.intense60.dilaverho.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.32.88.90/relations

position71.mahirgo.shop
responsebody71.zardushtgo.ru
stopped24.detroito.ru
until15.mahirgo.shop

# Reference: https://twitter.com/malPileDiver/status/1645901665545908225

agshinpo.ru
akyuldizpo.ru
alpaslanpo.ru
altugpo.ru
garame.ru
velevas.ru

# Reference: https://twitter.com/Cyber0verload/status/1646200848333127708
# Reference: https://www.virustotal.com/gui/ip-address/178.128.123.193/relations
# Reference: https://www.virustotal.com/gui/file/0d60bd4cd33f8b52315125d9d95e7a5b2377aea94be5ba3281678d4935d8e63f/detection

lunch21.danizho.ru
reliable19.danizho.ru
run71.heartbreaking.ru
sand6.danizho.ru
sand81.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.59/relations

reliable19.danizho.ru

# Reference: https://twitter.com/malPileDiver/status/1646301875426193410

addzhobo.ru
aydinpo.ru
azibobo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1646492908600840193
# Reference: https://twitter.com/Cyber0verload/status/1646588006495670286
# Reference: https://www.virustotal.com/gui/ip-address/137.184.59.142/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.45/relations
# Reference: https://www.virustotal.com/gui/file/0e7e2929a51696d8851d8c5f9f6f6b10919ab61e829d16215f89fa0671edec10/detection
# Reference: https://www.virustotal.com/gui/file/28746b8010329eaefd2d815732f8f111ba45e3774ead290ea42f5ce68a996837/detection

delight30.takyygi.ru
delight48.takyygi.ru
delight86.takyygi.ru
gloom37.zahidgo.ru
sanction83.raidla.ru
sound.gloom37.zahidgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/95.179.144.161/relations

allocation92.osmanpo.ru
glimpse54.raidla.ru
loop9.hoanzo.ru
needlework15.raminla.ru

# Reference: https://twitter.com/malPileDiver/status/1646938719453077504

akenatenbo.ru
akiikibo.ru
amenemhatbo.ru
anubisbo.ru
azizibo.ru

# Reference: https://twitter.com/malPileDiver/status/1647683310498332675
# Reference: https://www.virustotal.com/gui/ip-address/95.179.215.81/relations

12deceive.murtuzago.ru
15deceive.murtuzago.ru
32deceive.murtuzago.ru
43deceive.murtuzago.ru
71deceive.murtuzago.ru
77delicacy.murtuzago.ru
79delicacy.murtuzago.ru
81deceive.murtuzago.ru
87delicacy.murtuzago.ru
88deceive.murtuzago.ru
deceive.murtuzago.ru

# Reference: https://twitter.com/malPileDiver/status/1647683310498332675
# Reference: https://www.virustotal.com/gui/ip-address/141.164.62.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/68.183.224.97/relations

11describe.aytashpo.ru
16depart.aytashpo.ru
18declaration.aytashpo.ru
1definition.aytashpo.ru
37departed.daglarho.ru
38deck.daglarho.ru
38demonstration.daglarho.ru
3decide.aytashpo.ru
40demonstration.daglarho.ru
41deceive.intigambi.ru
41declaration.aytashpo.ru
44decidedly.intigambi.ru
45decide.aytashpo.ru
46defensive.nureddinpi.ru
46demonstration.daglarho.ru
47demonstration.daglarho.ru
48delusion.daglarho.ru
56deputy.aytashpo.ru
59.deer.apaturinae.ru
59delusion.daglarho.ru
63departments.aytashpo.ru
64decisive.nureddinpi.ru
68declined.aytashpo.ru
70descendant.daglarho.ru
74describe.aytashpo.ru
77dejected.manafgo.ru
78defence.intigambi.ru
79demonstration.daglarho.ru
84depths.aytashpo.ru
85deserved.komekbi.ru
8detachment.intigambi.ru
90departed.daglarho.ru
90detach.intigambi.ru
91desirable.daglarho.ru
92deck.daglarho.ru
96descendant.daglarho.ru
99delusion.daglarho.ru
9decidedly.intigambi.ru
abear.adalatsa.ru
anything.ulitron.ru
createobject.jecura.ru
deer.apaturinae.ru
defeat34.basamdi.ru
defeat63.basamdi.ru
defender37.muazpo.ru
delight20.takyygi.ru
delight40.takyygi.ru
delight71.takyygi.ru
deliver17.basamdi.ru
deliver25.basamdi.ru
deliver71.basamdi.ru
deluge97.basamdi.ru
depart93.basamdi.ru
designed8.basamdi.ru
desolate54.basamdi.ru
desolate74.basamdi.ru
destroy19.basamdi.ru
destroy39.basamdi.ru
destroy69.basamdi.ru
destroy97.basamdi.ru
each.jecura.ru
each71.myuridgo.ru
fairy15.valefgo.ru
fairy76.valefgo.ru
fileexists54.kainatbi.ru
getobject23.lachindo.ru
getobject75.lachindo.ru
getobject77.lachindo.ru
globe44.detroito.ru
glove38.ziyafat.ru
intentional94.allaverdysa.ru
loop50.balabekdi.ru
position71.myuridgo.ru
redim13.lachindo.ru
redim28.lachindo.ru
redim4.lachindo.ru
redim43.lachindo.ru
redim46.lachindo.ru
redim51.lachindo.ru
redim54.lachindo.ru
redim55.lachindo.ru
redim57.lachindo.ru
redim59.lachindo.ru
redim65.lachindo.ru
redim71.kainatbi.ru
redim77.lachindo.ru
redim80.lachindo.ru
redim84.lachindo.ru
redim94.lachindo.ru
redim97.lachindo.ru
regret64.gachagdo.ru
sleep.jecura.ru
squeeze.ulitron.ru
to71.myuridgo.ru
allocation.allow33.sniportas.ru
class.regret64.gachagdo.ru
engage.intentional94.allaverdysa.ru
expandenvironmentstrings72.mazhddo.ru
expandenvironmentstrings73.ramizla.ru
wlunch.reins69.ziyafat.ru
wneck.soul70.dzheyhunho.ru

# Reference: https://twitter.com/fr0s7_/status/1647947820576436224
# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.106/relations
# Reference: https://www.virustotal.com/gui/file/0b50546d3eb0387a7f3cbf4e92d7fca5ac9e3c8358a41ad606ba3ec6546c9c9d/detection

lover18.aychobanpo.ru

# Reference: https://twitter.com/malPileDiver/status/1648048178971701252
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.26/relations

akenatonbo.ru
aktaypo.ru
amonbo.ru
anumbo.ru
asheypi.ru
atonpi.ru
intense55.aychobanpo.ru
low53.ayzakpo.ru
necklace61.aychobanpo.ru
necklace75.aychobanpo.ru

# Reference: https://twitter.com/MavericksInt/status/1648246438982287360
# Reference: https://www.virustotal.com/gui/file/7232f8c8300efb1b5120765cc9b4a8ad153123707a80286dc2c41d9a5e860ce7/detection
# Reference: https://www.virustotal.com/gui/file/7d90ed946ee71f34c0b35c7bed2c034839e1f002f8dd0b5fca3ab481f10cd589/detection
# Reference: https://www.virustotal.com/gui/file/59c408f738be2a0905a658471e96742a0b5c7b4841b041526361cfbcf5181d0b/detection

http://134.209.153.179
http://81.200.157.206
http://91.200.151.231

# Reference: https://twitter.com/ET_Labs/status/1648382027522080783
# Reference: https://www.virustotal.com/gui/ip-address/128.199.75.108/relations
# Reference: https://www.virustotal.com/gui/file/9ddbcf76e880d148425098bfb424ddb5ca2e746337ab32d152a579d4ae35ca18/detection

http://216.128.128.163
http://31.129.22.68
11decline.ramalla.ru
19decline.ramalla.ru
20delicate.ramalla.ru
23decline.ramalla.ru
2decline.ramalla.ru
2delicate.ramalla.ru
57delicate.ramalla.ru
71decline.ramalla.ru
97decline.ramalla.ru

# Reference: https://twitter.com/malPileDiver/status/1648407500457222146

ahmozpi.ru
badrupi.ru
bakaripi.ru
barakapi.ru

# Reference: https://www.virustotal.com/gui/ip-address/64.226.98.185/relations

xor77.ahmozpi.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.83.71/relations

claimed75.badrupi.ru
counteract35.barakapi.ru
stops62.barakapi.ru
stops75.barakapi.ru

# Reference: https://twitter.com/malPileDiver/status/1649216747256389636
# Reference: https://www.virustotal.com/gui/ip-address/216.155.157.161/relations

22defeated.ayrympo.ru
52.demand.dafilas.ru
9defeated.ayrympo.ru
demand.dafilas.ru
descent42.disagreeable.ru

# Reference: https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
# Reference: https://www.virustotal.com/gui/ip-address/194.180.191.56/relations

http://109.200.159.40
http://109.200.159.46
http://109.200.159.59
http://151.236.30.50
http://192.121.87.11
http://194.180.191.56
mail.daniyarho.ru

# Reference: https://twitter.com/malPileDiver/status/1649484287161389084
# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

anherpi.ru
apispi.ru
bankoulpi.ru
barutipi.ru
fushiguro.ru

# Reference: https://twitter.com/malPileDiver/status/1649776814850555905
# Reference: https://www.virustotal.com/gui/ip-address/157.230.59.102/relations
# Reference: https://www.virustotal.com/gui/file/31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b/detection
# Reference: https://www.virustotal.com/gui/file/7de1f3fef12c1a7c954edb6f62ead13adb8c0b198b49e0d22e93b4cd385fed04/detection

http://216.155.157.161
http://45.32.68.240
71defeated.ayrympo.ru
shoe81.badrupi.ru

# Reference: https://twitter.com/malPileDiver/status/1650570899454672896

ayarimar.ru
boraito.ru
dussaut.ru
enokida.ru
fortunyzo.ru
kaigitang.ru
nutriag.ru
ruizchris.ru
samiseto.ru
valasati.ru
vilaverde.ru

# Reference: https://twitter.com/StopMalvertisin/status/1650745109519175680
# Reference: https://www.virustotal.com/gui/ip-address/178.128.121.37/relations
# Reference: https://www.virustotal.com/gui/file/f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192/detection

1delusion.daglarho.ru
26desirable.daglarho.ru
49desirable.daglarho.ru
4demonstration.daglarho.ru
51deck.daglarho.ru
52departed.daglarho.ru
53deck.daglarho.ru
68delight.daglarho.ru
6deck.daglarho.ru
95desirable.daglarho.ru
97deck.daglarho.ru
aaa.ulitron.ru
penny26.raidla.ru

# Reference: https://twitter.com/malPileDiver/status/1650968985947471876

adjoining.ru
lokalut.ru
maniacal.ru
suizibel.ru
unequaled.ru
unwieldy.ru

# Reference: https://twitter.com/malPileDiver/status/1651374098415534080
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.63/relations

baraslx.ru
nahalx.ru
84defeated.ayrympo.ru
enny26.raidla.ru
oe81.badrupi.ru
send.vilaverde.ru
sleep71.talehgi.ru

# Reference: https://twitter.com/malPileDiver/status/1651728614394675200
# Reference: https://www.virustotal.com/gui/ip-address/139.59.62.248/relations

decorous.ru
judicious.ru
succinct.ru
position71.succinct.ru
send71.vilaverde.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.116/relations
# Reference: https://www.virustotal.com/gui/file/81b6cc6a1e06e8824a4dc54bfb44afb6da175e2ab19502e9c969599ce3999f84/detection

alternative44.decorous.ru
famine39.judicious.ru
famine64.judicious.ru
perfume9.decorous.ru

# Reference: https://twitter.com/malPileDiver/status/1652057352785330186

scattered.ru
squeamish.ru
stupendous.ru

# Reference: https://twitter.com/StopMalvertisin/status/1652217199271243777
# Reference: https://www.virustotal.com/gui/file/4bd5ed5fa1b3f026ac0544457c7c3775a895236ccd1125332bb4cf840a6a24ac/detection
# Reference: https://www.virustotal.com/gui/file/98de4142829d62815a2e07a130c2e41d0af28967c986ef0621752cfc18e67965/detection

http://81.200.156.171
/mo.28.04.gif/
/mo.28.04.gif/barely/deceptive.jpeg

# Reference: https://twitter.com/malPileDiver/status/1652392995432329220
# Reference: https://www.virustotal.com/gui/ip-address/170.64.174.17/relations

115502077.ganara.ru
1787445433.lahatas.ru
980136632.kurapat.ru
buwukynakn.zaskol.ru
f09v6kswrl.nodcmo.ru
w4rk3sceek.nodcmo.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.176.71/relations

43decent.stupendous.ru
88deserved.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1652705922332893188
# Reference: https://www.virustotal.com/gui/file/232b55aabd3301e6afa02df3a062c760f1105a0716047a582c1e714da9f0406d/detection

relation46.samiseto.ru

# Reference: https://twitter.com/Cyber0verload/status/1652712792435175424
# Reference: https://www.virustotal.com/gui/ip-address/159.223.56.214/relations
# Reference: https://www.virustotal.com/gui/file/724a0dcede84e6527d16318cc9c425ae8743be4d5c6b5f62aea0ba67ec6b5ac3/detection

http://159.223.56.214
20deserved.stupendous.ru
40deserved.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1653098342858063874
# Reference: https://www.virustotal.com/gui/ip-address/104.248.204.242/relations
# Reference: https://www.virustotal.com/gui/file/e0ca68717b92594cf3a0b265b846a491a38037e5f1af76479aa5a6e78ca9488b/detection

55deity.kyamalgo.shop
62detachment.highfalutin.ru
90departed.marzukgo.shop
deliver98.basamdi.ru
gloomy80.masudgo.shop
pressure53.payampo.ru
write.mohsengo.shop
globe.gloomy80.masudgo.shop

# Reference: https://twitter.com/malPileDiver/status/1653119670558269441

absorbeni.ru
boskatrem.ru
lopraner.ru
malived.ru
taramis.ru

# Reference: https://www.virustotal.com/gui/ip-address/134.209.115.37/detection
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.147/relations

86deserved.stupendous.ru
88deer.stupendous.ru

# Reference: https://twitter.com/Cyber0verload/status/1653325622356193280
# Reference: https://www.virustotal.com/gui/ip-address/143.198.78.253/relations
# Reference: https://www.virustotal.com/gui/file/572650c06d09715b17ba78db89fd323845c00133c483d7fc571ebe3e7b824bfe/detection

penholder89.decorous.ru

# Reference: https://twitter.com/h2jazi/status/1653769493007695872
# Reference: https://www.virustotal.com/gui/file/c7921b6809d2ffd643258ff8f04590528ad68e9474635188003b40bff4a731a8/detection

bestupdater.com

# Reference: https://twitter.com/malPileDiver/status/1653846681266401280
# Reference: https://www.virustotal.com/gui/ip-address/165.232.148.157/relations
# Reference: https://www.virustotal.com/gui/ip-address/167.99.9.163/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.49/relations

farukend.ru
zeraon.ru
41defender.stupendous.ru
58degree.farukend.ru
chr1.hoanzo.ru
chr2.hoanzo.ru
chr25.hoanzo.ru
chr34.hoanzo.ru
chr35.hoanzo.ru
chr46.hoanzo.ru
chr50.hoanzo.ru
chr57.hoanzo.ru
chr61.hoanzo.ru
chr70.hoanzo.ru
chr74.hoanzo.ru
chr84.hoanzo.ru
chr85.hoanzo.ru
chr87.hoanzo.ru
chr93.hoanzo.ru
chr96.hoanzo.ru
county42.badrupi.ru
designed79.aytyurkpo.ru
dim10.hoanzo.ru
dim13.hoanzo.ru
dim19.hoanzo.ru
dim35.hoanzo.ru
dim4.hoanzo.ru
dim48.hoanzo.ru
dim54.hoanzo.ru
dim63.hoanzo.ru
dim66.hoanzo.ru
dim70.hoanzo.ru
dim82.hoanzo.ru
eval1.hoanzo.ru
eval10.hoanzo.ru
eval100.hoanzo.ru
eval11.hoanzo.ru
eval12.hoanzo.ru
eval13.hoanzo.ru
eval15.hoanzo.ru
eval16.hoanzo.ru
eval17.hoanzo.ru
eval18.hoanzo.ru
eval19.hoanzo.ru
eval2.hoanzo.ru
eval20.hoanzo.ru
eval22.hoanzo.ru
eval23.hoanzo.ru
eval24.hoanzo.ru
eval27.hoanzo.ru
eval28.hoanzo.ru
eval29.hoanzo.ru
eval3.hoanzo.ru
eval30.hoanzo.ru
eval32.hoanzo.ru
eval33.hoanzo.ru
eval34.hoanzo.ru
eval35.hoanzo.ru
eval36.hoanzo.ru
eval37.hoanzo.ru
eval39.hoanzo.ru
eval4.hoanzo.ru
eval40.hoanzo.ru
eval41.hoanzo.ru
eval42.hoanzo.ru
eval43.hoanzo.ru
eval44.hoanzo.ru
eval45.hoanzo.ru
eval46.hoanzo.ru
eval47.hoanzo.ru
eval49.hoanzo.ru
eval50.hoanzo.ru
eval51.hoanzo.ru
eval52.hoanzo.ru
eval53.hoanzo.ru
eval54.hoanzo.ru
eval56.hoanzo.ru
eval57.hoanzo.ru
eval58.hoanzo.ru
eval6.hoanzo.ru
eval60.hoanzo.ru
eval61.hoanzo.ru
eval62.hoanzo.ru
eval63.hoanzo.ru
eval64.hoanzo.ru
eval65.hoanzo.ru
eval66.hoanzo.ru
eval68.hoanzo.ru
eval7.hoanzo.ru
eval70.hoanzo.ru
eval73.hoanzo.ru
eval74.hoanzo.ru
eval75.hoanzo.ru
eval76.hoanzo.ru
eval77.hoanzo.ru
eval78.hoanzo.ru
eval79.hoanzo.ru
eval8.hoanzo.ru
eval80.hoanzo.ru
eval81.hoanzo.ru
eval82.hoanzo.ru
eval83.hoanzo.ru
eval84.hoanzo.ru
eval85.hoanzo.ru
eval86.hoanzo.ru
eval87.hoanzo.ru
eval88.hoanzo.ru
eval89.hoanzo.ru
eval9.hoanzo.ru
eval90.hoanzo.ru
eval91.hoanzo.ru
eval92.hoanzo.ru
eval93.hoanzo.ru
eval94.hoanzo.ru
eval95.hoanzo.ru
eval97.hoanzo.ru
eval98.hoanzo.ru
expandenvironmentstrings96.ramizla.ru
mid71.hoanzo.ru
openastextstream92.hoanzo.ru
play.hoanzo.ru
redim1.hoanzo.ru
redim10.hoanzo.ru
redim100.hoanzo.ru
redim12.hoanzo.ru
redim13.hoanzo.ru
redim14.hoanzo.ru
redim15.hoanzo.ru
redim16.hoanzo.ru
redim17.hoanzo.ru
redim18.hoanzo.ru
redim21.hoanzo.ru
redim22.hoanzo.ru
redim23.hoanzo.ru
redim26.hoanzo.ru
redim29.hoanzo.ru
redim32.hoanzo.ru
redim33.hoanzo.ru
redim35.hoanzo.ru
redim36.hoanzo.ru
redim37.hoanzo.ru
redim39.hoanzo.ru
redim4.hoanzo.ru
redim44.hoanzo.ru
redim45.hoanzo.ru
redim46.hoanzo.ru
redim49.hoanzo.ru
redim51.hoanzo.ru
redim54.hoanzo.ru
redim57.hoanzo.ru
redim58.hoanzo.ru
redim59.hoanzo.ru
redim60.hoanzo.ru
redim63.hoanzo.ru
redim64.hoanzo.ru
redim65.hoanzo.ru
redim67.hoanzo.ru
redim68.hoanzo.ru
redim69.hoanzo.ru
redim70.hoanzo.ru
redim71.hoanzo.ru
redim73.hoanzo.ru
redim74.hoanzo.ru
redim76.hoanzo.ru
redim77.hoanzo.ru
redim78.hoanzo.ru
redim79.hoanzo.ru
redim8.hoanzo.ru
redim80.hoanzo.ru
redim81.hoanzo.ru
redim82.hoanzo.ru
redim83.hoanzo.ru
redim84.hoanzo.ru
redim87.hoanzo.ru
redim88.hoanzo.ru
redim89.hoanzo.ru
redim9.hoanzo.ru
redim90.hoanzo.ru
redim91.hoanzo.ru
redim92.hoanzo.ru
redim93.hoanzo.ru
redim94.hoanzo.ru
redim96.hoanzo.ru
redim97.hoanzo.ru
redim98.hoanzo.ru
redim99.hoanzo.ru
savetofile2.hoanzo.ru
savetofile48.hoanzo.ru
savetofile74.hoanzo.ru
send100.hoanzo.ru
send20.hoanzo.ru
send24.hoanzo.ru
send26.hoanzo.ru
send29.hoanzo.ru
send3.hoanzo.ru
send30.hoanzo.ru
send32.hoanzo.ru
send33.hoanzo.ru
send38.hoanzo.ru
send40.hoanzo.ru
send41.hoanzo.ru
send45.hoanzo.ru
send46.hoanzo.ru
send50.hoanzo.ru
send56.hoanzo.ru
send57.hoanzo.ru
send58.hoanzo.ru
send59.hoanzo.ru
send60.hoanzo.ru
send65.hoanzo.ru
send66.hoanzo.ru
send68.hoanzo.ru
send7.hoanzo.ru
send71.hoanzo.ru
send76.hoanzo.ru
send77.hoanzo.ru
send79.hoanzo.ru
send8.hoanzo.ru
send90.hoanzo.ru
send91.hoanzo.ru
send92.hoanzo.ru
send93.hoanzo.ru
send94.hoanzo.ru
send95.hoanzo.ru
send99.hoanzo.ru
sleep33.hoanzo.ru
sleep86.hoanzo.ru
sleep91.hoanzo.ru
to71.hoanzo.ru
write93.hoanzo.ru
write97.hoanzo.ru
wscript72.hoanzo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1655103745083179011
# Reference: https://www.virustotal.com/gui/file/d68335308ec2e58bb8cf1fb63381fdd55b6338241a82a59517cb3211770e6036/detection

courage70.undesirable.ru
goat61.decorous.ru

# Reference: https://www.virustotal.com/gui/ip-address/159.223.198.3/relations

bike44.decorous.ru
sale60.judicious.ru

# Reference: https://twitter.com/malPileDiver/status/1655280554818826243

amoresa.ru
banrasac.ru
brudimar.ru
haramad.ru
lotgunok.ru
norasold.ru
saturnec.ru
vloperang.ru
weratas.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.232.82.235/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.212/relations

redim.norasold.ru
send71.norasold.ru

# Reference: https://twitter.com/souiten/status/1655410714721529856
# Reference: https://www.virustotal.com/gui/ip-address/46.101.114.106/relations
# Reference: https://www.virustotal.com/gui/file/dcbb432efd5f958e5a3881109c942c75514d0692b5bc1e712e910d220313ac66/detection

14defy.erinaceuso.ru
1deserved.stupendous.ru
27defeated.ayrympo.ru
85defeated.ayrympo.ru
endure32.ibragimo.ru
glimpse.ibragimo.ru
glimpse82.ibragimo.ru
interbase14.ibragimo.ru
stool44.ibragimo.ru
countless.endure32.ibragimo.ru

# Reference: https://twitter.com/malPileDiver/status/1655710112013594626
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.101/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.103/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.189.12.131/relations

108275726.wicksl.ru
17despite.farukend.ru
4dependent.farukend.ru
53destroyer.anumbo.ru
already39.brudimar.ru
if4.saturnec.ru
xor80.saturnec.ru

# Reference: https://twitter.com/suyog41/status/1655936062307602439
# Reference: https://www.virustotal.com/gui/file/f88bca443089c831c56f53147950bac19beaf7e804a0c5fe9da4018812ea6d4f/detection
# Reference: https://www.virustotal.com/gui/file/b36d9d6d07db7922cd2444314ff0b630ae6c1dc473371fbde133f4f03097086e/detection

http://170.64.152.130

# Reference: https://www.virustotal.com/gui/ip-address/165.22.53.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.77/relations

39.brudimar.ru
neglect92.vloperang.ru

# Reference: https://twitter.com/suyog41/status/1656649174920704000
# Reference: https://www.virustotal.com/gui/file/4e9d18ff14d4510f119418420d80c03b6246e64a6cb574d6ab8d75be3c78af9c/detection

http://159.223.54.203

# Reference: https://twitter.com/StopMalvertisin/status/1656587394018320385
# Reference: https://www.virustotal.com/gui/file/d4423d73bc08c0142431f35f0bd0f392e630c70c212a6f9b01735bea0dae7f78/detection

erceive21.badrupi.ru
gg.badrupi.ru
perceive21.badrupi.ru

# Reference: https://twitter.com/malPileDiver/status/1658187362273222680

dzhabaripa.ru
dzhahipa.ru
goruspa.ru
iknatonpa.ru
kahotepa.ru
kaziyapa.ru
zaherpa.ru
zuberipa.ru

# Reference: https://twitter.com/Cyber0verload/status/1658189500672008232

71delay.dzhahipa.ru
80delay.dzhabaripa.ru
openastextstream.zuberipa.ru

# Reference: https://twitter.com/malPileDiver/status/1658549641804238863

badarus.ru
butiram.ru
donkorpa.ru
kafiripa.ru
kemoziripa.ru
keymnvatipa.ru

# Reference: https://twitter.com/StopMalvertisin/status/1658747923759505408
# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.118/relations
# Reference: https://www.virustotal.com/gui/ip-address/188.166.164.174/relations
# Reference: https://www.virustotal.com/gui/file/13aa44122e2e6d99a40a47c870142ac95dc250c3169c1cfab95ba9c6fe33f542/detection

14december.highfalutin.ru
16december.highfalutin.ru
21descent.mansurdo.ru
29deserter.mardango.ru
2dentist.mardango.ru
31defensive.mardango.ru
38december.highfalutin.ru
39descendant.anumbo.ru
42descent.mansurdo.ru
51december.highfalutin.ru
52delusion.ihtiyarbi.ru
54despair.ihtiyarbi.ru
57december.highfalutin.ru
61declare.mardango.ru
69den.mardango.ru
70december.highfalutin.ru
70deduction.mardango.ru
74deserter.mardango.ru
78despair.ihtiyarbi.ru
7defensive.mardango.ru
7dentist.mardango.ru
83december.highfalutin.ru
90deduction.mardango.ru
90depth.anubisbo.ru
92descent.mansurdo.ru
95december.highfalutin.ru
9december.highfalutin.ru
counsel69.boskatrem.ru
decrepit76.xopekar.ru
prey67.boskatrem.ru
then59.suizibel.ru
xor42.zuberipa.ru

# Reference: https://twitter.com/malPileDiver/status/1658928573892403203

dakareypa.ru
ishakpa.ru
karoanpa.ru

# Reference: https://twitter.com/malPileDiver/status/1659301640703209474

dzhibeydpa.ru
dzhumoukpa.ru
galofad.ru
idogbpa.ru
imenandpa.ru
kemnebipa.ru
knemuso.ru
mensaso.ru
porotad.ru

# Reference: https://twitter.com/StopMalvertisin/status/1659451403100897280
# Reference: https://www.virustotal.com/gui/file/a207059404bfea094d3c07ee456107f26e83fee9e235a84e8e23bb9db64eee6b/detection

allen99.buckso.ru
allocate15.buckso.ru
amazed40.buckso.ru
course45.buckso.ru
faith25.buckso.ru
lucius1.lamentable.ru
lucius88.lamentable.ru
registry2.buckso.ru
goats.amazed40.buckso.ru

# Reference: https://twitter.com/MavericksInt/status/1659850657182957570
# Reference: https://twitter.com/MavericksInt/status/1660658203833532421
# Reference: https://www.virustotal.com/gui/file/d19d979a27723fe440c6801ba93bc3e95a67983dcc35b0f22694118449579966/detection
# Reference: https://www.virustotal.com/gui/file/e93d0cf64a2486eeef192c8c6cf97242c131b459d64b9e4e237324b0e98f9d30/detection
# Reference: https://www.virustotal.com/gui/file/2eb66edbfbadcf5d02218d8fc9611ff650ac1532db73610de548335fbeee2119/detection
# Reference: https://www.virustotal.com/gui/file/1e62d8099702b8e0976697975f57bb8b6e62e5a4d8dcb6c8f0d57f3e54e6b291/detection
# Reference: https://www.virustotal.com/gui/file/0863335519380e4d88f785ab13d978d1efd55869879fbdbc4708dbece755f881/detection

http://80.90.181.243
/ggh.12.05.gif
/ggh.12.05.gif/seized/presented.jpeg
/milSS.12.05.gif
/milSS.12.05.gif/dear/regards.jpeg
/mll.14.05.gif
/mll.14.05.gif/selected/barge.jpeg
/mll.14.05.gif/query/integer.jpeg
/mmo.10.05.gif
/mmo.10.05.gif/based/prefix.jpeg

# Reference: https://twitter.com/malPileDiver/status/1660749203650363392

kontarso.ru
koseyso.ru
kuaashiso.ru
lizimbaso.ru
maatso.ru
mbiziso.ru
menesso.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.42/relations

1020178145.gokols.ru
1420104871.makasd.ru
1649627902.baralap.ru
1728259312.narutasx.ru
1795284560.gokols.ru
1841245068.gokols.ru
1979642691.narutasx.ru
2021007529.gokols.ru
2112733786.gokols.ru
230494973.vohod.ru
398145251.gokols.ru
518422979.baralap.ru
577106826.narutasx.ru
655824342.makasd.ru
665096125.makasd.ru
713696851.makasd.ru
881910787.gokols.ru
941470034.baralap.ru
xxx.acersa.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.241.170/relations

58455773.lopasts.ru

# Reference: https://twitter.com/malPileDiver/status/1662212381559377921
# Reference: https://twitter.com/Cyber0verload/status/1662338631418146817
# Reference: https://www.virustotal.com/gui/file/83d3e19851b5864222972dac860e8e18a43acf8be3d228379e09c3383928194d/detection

luzidzhso.ru
mudadazi.ru
muhvanazi.ru
neythzi.ru
trulazek.ru
5destruction.trulazek.ru
16deliberate.trulazek.ru
20depart.trulazek.ru
70descendant.anumbo.ru
asc46.dovlatho.ru
asc59.dovlatho.ru
asc60.dovlatho.ru
asc64.dovlatho.ru
asc66.dovlatho.ru
asc7.dovlatho.ru
asc73.dovlatho.ru
asc74.dovlatho.ru
asc84.dovlatho.ru
chr56.dovlatho.ru
close32.dovlatho.ru
createobject56.dovlatho.ru
defend95.karoanpa.ru
definite49.karoanpa.ru
definite50.karoanpa.ru
definite56.karoanpa.ru
deletefile10.dovlatho.ru
deletefile17.dovlatho.ru
deluge77.karoanpa.ru
demanded10.karoanpa.ru
demanded14.karoanpa.ru
demanded25.karoanpa.ru
demanded30.karoanpa.ru
demanded38.karoanpa.ru
demanded42.karoanpa.ru
demanded77.karoanpa.ru
demanded81.karoanpa.ru
demanded87.karoanpa.ru
demanded92.karoanpa.ru
demanded97.karoanpa.ru
den100.karoanpa.ru
den15.karoanpa.ru
den20.karoanpa.ru
dependant22.agasibi.ru
destruction.trulazek.ru
eval55.mudadazi.ru
getobject71.kontarso.ru
regularly.percent20.plutoniumo.ru

# Reference: https://www.virustotal.com/gui/file/e567fcf99640e0c3e521abe6c29a467f74eb49fc170b8ffa26981587cb6d85b2/detection

25defect.mansurdo.ru

# Reference: https://twitter.com/StopMalvertisin/status/1663938140342718465
# Reference: https://www.virustotal.com/gui/file/b5a04e7f45c993f50320bd5beff5f709eb88e5782b0560497653edcff25967d6/detection
# Reference: https://www.virustotal.com/gui/file/2a00062de622d0f93c44392a9a0b92432ac9bb1852ce1984a2affb4617872e6d/detection

amazing84.vloperang.ru
countless20.vloperang.ru
countless64.vloperang.ru
countless7.absorbeni.ru
countless76.absorbeni.ru
countless77.absorbeni.ru
countless90.absorbeni.ru
fake73.vloperang.ru
fame73.vloperang.ru
neglect35.vloperang.ru
prickly26.vloperang.ru
prickly53.vloperang.ru
regret93.absorbeni.ru
rejoined49.absorbeni.ru

# Reference: https://twitter.com/Cyber0verload/status/1664621238671536132

mhotepzi.ru
minkazi.ru
naborzi.ru
nahtizi.ru
nebibizi.ru
nebtoizi.ru
neferzi.ru
panahaziso.ru
rashidiso.ru

# Reference: https://twitter.com/malPileDiver/status/1664994456976736256

fausts.ru
gustavas.ru

# Reference: https://twitter.com/Cyber0verload/status/1665036417683140610

gajasx.ru
itoram.ru
nalfas.ru
rvawc.ru
tulocal.ru

# Reference: https://twitter.com/Cyber0verload/status/1665076262191218690

blootundicht.ru
boptizol.ru
reposant.ru
viratuk.ru
yorisant.ru
15demanded.blootundicht.ru
71demanded.blootundicht.ru
deduction63.xopekar.ru
penholder92.viratuk.ru
visible38.yorisant.ru

# Reference: https://twitter.com/Cyber0verload/status/1665667765267562499

havxcq.ru
oddzhiso.ru
okparaso.ru
omariso.ru
ozaharso.ru
ozirisso.ru
remmaoso.ru

# Reference: https://twitter.com/Cyber0verload/status/1667482368234381319

agonepi.ru
albacorepi.ru
bladefishpi.ru
dumerilipi.ru
dzhabrailho.ru
gawcq.ru
gawsxc.ru
perccottuspi.ru
razuiso.ru
reyyfadsf.ru
spatulapi.ru
tispai.ru

# Reference: https://twitter.com/StopMalvertisin/status/1668671694112956416
# Reference: https://www.virustotal.com/gui/file/bb2dd0559d129ffa24189cf8db110c1e5cb7f8f7b853eb31d519107f5c3532b4/detection
# Reference: https://www.virustotal.com/gui/file/e08e7ca157feb7df5e5556295bb3f70ce7cd5ff1a02fd5d580f1d33f0886da21/detection

ally25.royalpo.ru
ally73.royalpo.ru
bdhu.royalpo.ru
ammunition58.royalpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.31/relations

68deluge.nebibizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.202.41.119/relations

bgfy.bdhu.royalpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.106/relations

19necklace75.aychobanpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1669312050542125058

logans.ru

# Reference: https://twitter.com/Cyber0verload/status/1670904054132756482

atacamabo.ru
barrimor.ru
gobibo.ru
rieturc.ru
tispai.ru
voscod.ru

# Reference: https://twitter.com/StopMalvertisin/status/1672194968520388609
# Reference: https://www.virustotal.com/gui/file/9f5a40df1bfdcc1dfe49d8398baf287fc849dbe34fb7a0b2f56200d26dba1a8c/detection
# Reference: https://www.virustotal.com/gui/file/dd60242a8852e34392d483d598609188cc29fc8b0e974de17948f670ecb7f97b/detection

http://45.82.14.15
/mou.05.05.gif/prayers/lose.jpeg
/mou.05.05.gif/regards/seeming.jpeg
/mou.05.05.gif

# Reference: https://twitter.com/StopMalvertisin/status/1672131699373936640
# Reference: https://www.virustotal.com/gui/file/bba350a2f217c1a15c6646a128f10c8ae325519ca2e2d39759ca3791d0ecfbd8/detection

prime97.unixoni.ru
stool.prime97.unixoni.ru
/perceive/beverley/beverley/beverley/perceive.reg
/perceive/beverley/beverley/beverley/
/perceive/beverley/beverley/
/perceive/beverley/

# Reference: https://twitter.com/Cyber0verload/status/1673271585678020608

bukatam.ru
durakam.ru
gutarax.ru
kyzylkumbo.ru
namibbo.ru
negevbo.ru
totalav.ru

# Reference: https://twitter.com/StopMalvertisin/status/1674460280900947970
# Reference: https://www.virustotal.com/gui/file/b1e5781f8cb500f306211a954bfe4a7bb19eeb8fa95b71f64052611bdfde30b1/detection

http://89.185.84.140
100delivery.remmaoso.ru
14delicious.remmaoso.ru
15decline.remmaoso.ru
24decline.remmaoso.ru
29deceptive.remmaoso.ru
39delicious.remmaoso.ru
53delicious.remmaoso.ru
59deep.remmaoso.ru
5descendant.remmaoso.ru
65delightful.remmaoso.ru
66delicious.remmaoso.ru
71decline.remmaoso.ru
71deduction.remmaoso.ru
71delivered.remmaoso.ru
71deluge.remmaoso.ru
71destruction.remmaoso.ru
74delicious.remmaoso.ru
77despise.remmaoso.ru
95delicious.remmaoso.ru
96decency.remmaoso.ru
97deliverance.remmaoso.ru

# Reference: https://twitter.com/Cyber0verload/status/1675954349745270784

hanotip.ru
ideolot.ru

# Reference: https://twitter.com/StopMalvertisin/status/1676106184343052288
# Reference: https://www.virustotal.com/gui/file/e7c290bbc729533e1cf05da1e70d1b3f7ad9db3998c37fc4d6fb5e11e263114c/detection

http://46.29.234.106
21deliverance.remmaoso.ru

# Reference: https://twitter.com/StopMalvertisin/status/1676198612349652994
# Reference: https://www.virustotal.com/gui/file/83a4ac741a6947a9e22124ae6162b91afe1f89f22ce8b4b16935b4edd6984404/detection

http://45.95.232.148
61deceptive.remmaoso.ru

# Reference: https://www.virustotal.com/gui/file/a01ff39c0ba0b341b5843dbe174d52d7df1f82d99d06d8e01971290fd4390c46/detection

utilsdownloader.com

# Reference: https://twitter.com/Cyber0verload/status/1678150909694443520
# Reference: https://twitter.com/Cyber0verload/status/1678151014459879432

iraty.ru
marginisbi.ru
opela.ru
orientalebi.ru
procellarumbi.ru
uteroma.ru
for30.procellarumbi.ru
for71.procellarumbi.ru
len61.procellarumbi.ru
loop71.procellarumbi.ru
to30.procellarumbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1679757171469307904

anguisbi.ru
cresozoq.ru
humorumbi.ru
imbriumbi.ru
macda.ru
mojavebo.ru
nicsan.ru
patrios.ru
saharabo.ru
wadibo.ru
wahibabo.ru

# Reference: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
# Reference: https://www.virustotal.com/gui/file/3ead4cabb81ca458cb86206de574b6f82758c01cad3ee8fbafcf2b05f23f601f/detection

http://45.95.235.56
/sus.27.06/bandy/intended.jpeg
/sus.27.06/bandy/
/sus.27.06
/Teleg.23.06/guided/prayers.jpeg
/Teleg.23.06/guided/
/Teleg.23.06

# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.228/relations
# Reference: https://www.virustotal.com/gui/file/00ca60e7ee2e6376379d7a320b94bab086e57de11d22616b3815f04c9cd2e106/detection
# Reference: https://www.virustotal.com/gui/file/285bf896997d7c9a62540ae6279602bd395c8794b5199c2e90263e7948d9a51a/detection

86deserted.minkazi.ru
95derived.fortunyzo.ru
am.soul29.antilopes.ru
bible67.dzheyhunho.ru
bicyclelist.god88.sagittariuso.ru
billion76.damirho.ru
courageous62.boskatrem.ru
deceived1.karoanpa.ru
delayed71.akenatenbo.ru
faithful.salary64.antilopes.ru
faithful.salary90.antilopes.ru
fancied.bible67.dzheyhunho.ru
god88.sagittariuso.ru
luggage83.ayzakpo.ru
luxury82.antilopes.ru
presume.luxury82.antilopes.ru
prevent.stool35.antilopes.ru
read52.kemnebipa.ru
responsebody14.dumerilipi.ru
responsebody31.dumerilipi.ru
responsebody39.dumerilipi.ru
responsebody60.dumerilipi.ru
salary64.antilopes.ru
salary90.antilopes.ru
savetofile71.bakaripi.ru
setrequestheader71.goruspa.ru
setrequestheader8.nebtoizi.ru
soul29.antilopes.ru
stool35.antilopes.ru
write16.dumerilipi.ru
write48.dumerilipi.ru
write59.dumerilipi.ru
write85.dumerilipi.ru

# Reference: https://www.virustotal.com/gui/domain/boskatrem.ru/relations

counsel29.boskatrem.ru
courageous15.boskatrem.ru
courageous18.boskatrem.ru
courageous3.boskatrem.ru
courageous34.boskatrem.ru
courageous44.boskatrem.ru
courageous50.boskatrem.ru
courageous67.boskatrem.ru
courageous72.boskatrem.ru
courageous8.boskatrem.ru
neatly39.boskatrem.ru
sanction60.boskatrem.ru
sanction66.boskatrem.ru
sanction93.boskatrem.ru

# Reference: https://twitter.com/Cyber0verload/status/1684235362170994689
# Reference: https://www.virustotal.com/gui/file/80bcacd8eb08caa7533f5acf245bdd2e2867cb72645a9099990b003f6c51923c/detection

need.cryptonas.ru
interface59.need.cryptonas.ru

# Reference: https://twitter.com/StopMalvertisin/status/1684604760576729088
# Reference: https://www.virustotal.com/gui/file/bfa0d90c18d10454ee5c09b12d63aa458b9f4de42087069b93df1a383698e43d/detection

enemy96.phoenixo.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.108.122/relations

30deluge.mhotepzi.ru
33deluge.mhotepzi.ru
3deserved.stupendous.ru
41deluge.mhotepzi.ru
49deserved.stupendous.ru
4deluge.mhotepzi.ru
54deluge.mhotepzi.ru
72deluge.mhotepzi.ru
73deluge.mhotepzi.ru
82deluge.mhotepzi.ru
83deluge.mhotepzi.ru
85deluge.mhotepzi.ru
8deluge.mhotepzi.ru
94deluge.mhotepzi.ru
98deluge.mhotepzi.ru
99deluge.mhotepzi.ru
9deluge.mhotepzi.ru
alone.classic96.gayado.ru
alongside.falling69.munzirpo.ru
alphabet45.allaverdysa.ru
ambition.salary12.avvadbi.ru
ambition20.brudimar.ru
asc24.dzhibeydpa.ru
bewail.navy24.ihsana.ru
bewail.prevented96.vienz.ru
bike68.dzhingua.ru
bike82.dzhingua.ru
classic96.gayado.ru
council.bike68.dzhingua.ru
council.bike82.dzhingua.ru
count.sally72.athenet.ru
courageous47.boskatrem.ru
createobject14.nebtoizi.ru
defined19.dzhumoukpa.ru
defined67.dzhumoukpa.ru
defined74.dzhumoukpa.ru
defined8.dzhumoukpa.ru
defined83.dzhumoukpa.ru
defined86.dzhumoukpa.ru
delve11.agonepi.ru
destination41.xopekar.ru
destination87.xopekar.ru
destination89.xopekar.ru
dim64.lamentable.ru
dim70.albacorepi.ru
enemy42.gayado.ru
enemy94.gayado.ru
enforce.alphabet45.allaverdysa.ru
fake37.birto.ru
falling69.munzirpo.ru
getfile93.ruzipo.ru
getfile99.ruzipo.ru
getobject34.lamentable.ru
glittering8.aegialiteso.ru
gloomy.salt37.gadzhido.ru
if49.lizimbaso.ru
intended.lower28.athenet.ru
intercourse.registered18.iingtey.ru
len58.nebtoizi.ru
low.source80.gahramando.ru
lower28.athenet.ru
mid52.dzhibeydpa.ru
naturally1.agshinsa.ru
naturally5.agshinsa.ru
navy24.ihsana.ru
nearly.fake37.birto.ru
neatly33.bankoulpi.ru
neatly67.bankoulpi.ru
neatly79.bankoulpi.ru
neck44.deyanetho.ru
perceived.sam59.zardusht.ru
perform.naturally1.agshinsa.ru
perform.naturally5.agshinsa.ru
position87.atonpi.ru
prevented96.vienz.ru
prick95.baloglandi.ru
prickly12.vloperang.ru
prickly27.vloperang.ru
prickly32.vloperang.ru
prickly33.vloperang.ru
prickly36.vloperang.ru
prickly42.vloperang.ru
prickly48.vloperang.ru
prickly57.vloperang.ru
prickly61.vloperang.ru
prickly63.vloperang.ru
prickly77.vloperang.ru
prickly83.vloperang.ru
princess.prick95.baloglandi.ru
redim90.aktanpo.ru
registered.enemy42.gayado.ru
registered.enemy94.gayado.ru
registered18.iingtey.ru
regulate.glittering8.aegialiteso.ru
run18.dzhieyi.ru
run37.ozaharso.ru
run48.nebtoizi.ru
salary12.avvadbi.ru
sally72.athenet.ru
salt37.gadzhido.ru
sam59.zardusht.ru
set42.nebtoizi.ru
sleep69.ozaharso.ru
soup.neck44.deyanetho.ru
source80.gahramando.ru
to44.kaziyapa.ru
type52.atonpi.ru
visible7.aktanpo.ru
while25.ruzipo.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.143.223.141/relations

allied36.vloperang.ru
ambitious.counteract37.agshinsa.ru
counteract37.agshinsa.ru
getobject76.nebtoizi.ru
ned88.barakapi.ru
setrequestheader2.nebtoizi.ru
soup.perceived34.vezirgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.101/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.178/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.98/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.35.34.153/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.136/relations
# Reference: https://www.virustotal.com/gui/file/ead4f0c2857b797a64d88ce86cba920a41f1171538478866d120dbb82594cc09/detection

nubiumbi.ru
100desire.aytashpo.ru
11deluge.mhotepzi.ru
13decline.remmaoso.ru
13deluge.mhotepzi.ru
17deluge.mhotepzi.ru
18deluge.mhotepzi.ru
20des.oddzhiso.ru
22deluge.mhotepzi.ru
23deserved.stupendous.ru
24deluge.mhotepzi.ru
27deluge.mhotepzi.ru
31deluge.mhotepzi.ru
35deluge.mhotepzi.ru
36decline.remmaoso.ru
39deluge.mhotepzi.ru
40deluge.mhotepzi.ru
43deluge.mhotepzi.ru
45deluge.mhotepzi.ru
46desire.aytashpo.ru
47deluge.mhotepzi.ru
53deluge.mhotepzi.ru
59deluge.mhotepzi.ru
75deluge.mhotepzi.ru
76defiant.savalanpo.ru
77deluge.mhotepzi.ru
80deluge.mhotepzi.ru
82defensive.mardango.ru
82destroyer.anumbo.ru
86deluge.mhotepzi.ru
87deluge.mhotepzi.ru
90deluge.mhotepzi.ru
93deluge.mhotepzi.ru
96deserved.komekbi.ru
97desire.aytashpo.ru
altogether11.raidla.ru
ambition28.brudimar.ru
asc30.gobibo.ru
bicycle11.raidla.ru
bicycle41.raidla.ru
bicycle90.raidla.ru
big3.barakapi.ru
clap6.rustampo.ru
clap9.rustampo.ru
countless90.vloperang.ru
courageous17.boskatrem.ru
courageous2.boskatrem.ru
courageous92.boskatrem.ru
declare26.agonepi.ru
deduction24.agonepi.ru
defined20.dzhumoukpa.ru
defined53.dzhumoukpa.ru
defined59.dzhumoukpa.ru
defined77.dzhumoukpa.ru
dependant51.agonepi.ru
dependant68.agasibi.ru
designed48.basamdi.ru
dim20.kyzylkumbo.ru
do.jecura.ru
end100.cicindi.ru
eval92.squeamish.ru
getfile14.procellarumbi.ru
getfile17.procellarumbi.ru
getobject87.lachindo.ru
glimpse14.raidla.ru
glimpse25.raidla.ru
glimpse3.raidla.ru
glimpse69.raidla.ru
glowing31.lamentable.ru
if11.procellarumbi.ru
if86.procellarumbi.ru
if9.procellarumbi.ru
integer24.samiseto.ru
intent.performed72.mamduhgo.ru
intentions23.badrupi.ru
interesting50.galibdo.ru
len28.kyzylkumbo.ru
loop90.dumerilipi.ru
necessarily.lustre41.anaso.ru
penny39.raidla.ru
perfect52.raidla.ru
position11.nubiumbi.ru
presume.end100.cicindi.ru
pretence29.raidla.ru
pretence3.raidla.ru
pretence52.raidla.ru
pretence75.raidla.ru
prickly84.vloperang.ru
redim93.lachindo.ru
reins15.unwieldy.ru
responsebody.jecura.ru
sanction68.boskatrem.ru
send17.dumerilipi.ru
send74.dumerilipi.ru
setrequestheader19.kyzylkumbo.ru
setrequestheader19.perccottuspi.ru
source.couple23.ballyngo.ru
visible98.kyzylkumbo.ru
wscript92.gobibo.ru

# Reference: https://twitter.com/Cyber0verload/status/1686973026884079616
# Reference: https://twitter.com/Cyber0verload/status/1688523260978212864

acaenaso.ru
acanthusso.ru
achilleaso.ru
aconitumso.ru
acorusso.ru
adiantumso.ru
aethionemaso.ru
alceaso.ru
alismaso.ru
alliumso.ru
baruta.ru
bolonna.ru
bulot.ru
buritoc.ru
butoza.ru
cupata.ru
rogac.ru
tolofa.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.96/relations

2052102744.bolonna.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.94.156.162/relations
# Reference: https://www.virustotal.com/gui/file/1c858b253ce705ca815d36cce7b1641d02b53c1f8e986cafd201de127d3bc5c2/detection
# Reference: https://www.virustotal.com/gui/file/ce10afe1dec6fbc11d0a122574912dffd29f7b32fd7e1981377541958aa04428/detection

http://217.78.239.60
2088127799.bolonna.ru
13deplore.trulazek.ru
18desolate.trulazek.ru
19deplore.trulazek.ru
1deliverance.trulazek.ru
25deliverance.trulazek.ru
27deplore.trulazek.ru
29deliberate.trulazek.ru
30deplore.trulazek.ru
32deliverance.trulazek.ru
33defy.trulazek.ru
39deplore.trulazek.ru
3defy.trulazek.ru
46defy.trulazek.ru
46deplore.trulazek.ru
47desolate.trulazek.ru
48deliverance.trulazek.ru
48desert.trulazek.ru
49defy.trulazek.ru
49deplore.trulazek.ru
4defy.trulazek.ru
56desolate.trulazek.ru
57deliverance.trulazek.ru
57detach.trulazek.ru
59defy.trulazek.ru
66deplore.trulazek.ru
67deputy.trulazek.ru
68defy.trulazek.ru
69degrade.trulazek.ru
70defy.trulazek.ru
71deliverance.trulazek.ru
76deficiency.trulazek.ru
80desolate.trulazek.ru
81defy.trulazek.ru
86defy.trulazek.ru
87defy.trulazek.ru
88deliverance.trulazek.ru
94defy.trulazek.ru
defy.trulazek.ru
/snclude56/index.html

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.92/relations

1004539663.bulot.ru
1009522443.bulot.ru
1041421151.bulot.ru
1056804114.bulot.ru
1083148285.baruta.ru
1100971190.bulot.ru
1190389923.bulot.ru
1216463824.bulot.ru
1282855944.bulot.ru
1320784923.bulot.ru
1336911229.bulot.ru
1338093644.bulot.ru
1352507629.bulot.ru
1377024900.bulot.ru
1380730222.bulot.ru
138161186.baruta.ru
1397669523.bulot.ru
1416194715.bulot.ru
1505757872.bulot.ru
1531672593.bulot.ru
1544871944.bulot.ru
1574202033.bulot.ru
169444111.bulot.ru
1708501777.bulot.ru
1728500600.bulot.ru
1769375990.bulot.ru
1771368509.bulot.ru
1820298338.bulot.ru
1845672544.bulot.ru
1899514622.baruta.ru
1944366479.bulot.ru
1968548658.bulot.ru
2129958973.bulot.ru
252465544.bulot.ru
278469092.bulot.ru
299114423.bulot.ru
393867731.bulot.ru
490100004.bulot.ru
518176818.bulot.ru
519907810.bulot.ru
52474933.bulot.ru
617880439.bulot.ru
687602470.bulot.ru
688865628.baruta.ru
706760578.baruta.ru
724003059.baruta.ru
742003382.bulot.ru
760072693.bulot.ru
785662892.bulot.ru
79951705.bulot.ru
905686152.baruta.ru
938181855.baruta.ru
944973782.bulot.ru
doesnt-exist.opela.ru
ftp.baruta.ru
ftp.opela.ru
mail.baruta.ru
mail.opela.ru
smtp.baruta.ru
smtp.opela.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.95/relations

10desperate.acanthusso.ru
11decay.acanthusso.ru
11desperate.acanthusso.ru
12decrease.acanthusso.ru
13decay.acanthusso.ru
14desperate.acanthusso.ru
15decay.acanthusso.ru
19decrease.acanthusso.ru
20decay.acanthusso.ru
20decrease.acanthusso.ru
22desperate.acanthusso.ru
23decrease.acanthusso.ru
24defence.acanthusso.ru
26decrease.acanthusso.ru
26desperate.acanthusso.ru
2desperate.acanthusso.ru
32decay.acanthusso.ru
33decay.acanthusso.ru
33defence.acanthusso.ru
36decay.acanthusso.ru
37decay.acanthusso.ru
37desperate.acanthusso.ru
38decay.acanthusso.ru
3desperate.acanthusso.ru
40defence.acanthusso.ru
42decrease.acanthusso.ru
43decrease.acanthusso.ru
43defence.acanthusso.ru
44desperate.acanthusso.ru
46desperate.acanthusso.ru
4decrease.acanthusso.ru
4desperate.acanthusso.ru
52desperate.acanthusso.ru
53decrease.acanthusso.ru
54decay.acanthusso.ru
56decrease.acanthusso.ru
57defence.acanthusso.ru
58desperate.acanthusso.ru
59desperate.acanthusso.ru
5defence.acanthusso.ru
64decrease.acanthusso.ru
66desperate.acanthusso.ru
67decrease.acanthusso.ru
67desperate.acanthusso.ru
68decrease.acanthusso.ru
68defence.acanthusso.ru
70decrease.acanthusso.ru
78decrease.acanthusso.ru
79decay.acanthusso.ru
7decrease.acanthusso.ru
80decay.acanthusso.ru
80decrease.acanthusso.ru
82desperate.acanthusso.ru
83decrease.acanthusso.ru
84decay.acanthusso.ru
86desperate.acanthusso.ru
89decrease.acanthusso.ru
91decrease.acanthusso.ru
92decay.acanthusso.ru
93decay.acanthusso.ru
93desperate.acanthusso.ru
96decay.acanthusso.ru
96decrease.acanthusso.ru
99desperate.acanthusso.ru
asc73.aconitumso.ru
dim17.aconitumso.ru
dim27.aconitumso.ru
dim35.aconitumso.ru
dim50.aconitumso.ru
dim98.aconitumso.ru
getfile21.aconitumso.ru
if39.aconitumso.ru
loop26.aconitumso.ru
properties_55.aconitumso.ru
until64.aconitumso.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.95/relations

46desire.aytashpo.ru
87defined.remmaoso.ru
88defined.remmaoso.ru
bicycle19.raidla.ru
bicycle32.raidla.ru
bicycle76.raidla.ru
bicycle90.raidla.ru
claimed.salute8.ananiyagi.ru
country.between31.sagittariuso.ru
deletefile54.achilleaso.ru
deletefile71.achilleaso.ru
deletefile78.achilleaso.ru
enemy.endlessly15.bahtiyardi.ru
glowing31.lamentable.ru
goal25.bashaardi.ru
going.goal25.bashaardi.ru
perfect53.raidla.ru
pressure20.gahramando.ru
pretence20.raidla.ru
responsebody11.achilleaso.ru
responsebody17.achilleaso.ru
responsebody30.achilleaso.ru
responsebody37.achilleaso.ru
responsebody63.achilleaso.ru
run1.achilleaso.ru
run16.achilleaso.ru
run17.achilleaso.ru
run24.achilleaso.ru
run36.achilleaso.ru
run38.achilleaso.ru
run47.achilleaso.ru
run48.achilleaso.ru
run50.achilleaso.ru
run54.achilleaso.ru
run55.achilleaso.ru
run6.achilleaso.ru
run61.achilleaso.ru
run65.achilleaso.ru
run68.achilleaso.ru
run75.achilleaso.ru
run76.achilleaso.ru
run78.achilleaso.ru
run9.achilleaso.ru
salute8.ananiyagi.ru
shone.pressure20.gahramando.ru
stoppage53.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.93/relations

12definitely.adiantumso.ru
25defence.adiantumso.ru
26deserter.adiantumso.ru
33dense.adiantumso.ru
79deserter.adiantumso.ru
82depart.adiantumso.ru
93deserter.adiantumso.ru
delayed15.acorusso.ru
delayed27.acorusso.ru
delayed35.acorusso.ru
delayed99.acorusso.ru
demanded21.acorusso.ru
descendant14.acorusso.ru
descendant22.acorusso.ru
descendant48.acorusso.ru
descendant62.acorusso.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.182.205.71/relations

chr2.aethionemaso.ru
chr21.aethionemaso.ru
chr29.aethionemaso.ru
chr38.aethionemaso.ru
chr4.aethionemaso.ru
chr40.aethionemaso.ru
chr43.aethionemaso.ru
chr47.aethionemaso.ru
chr74.aethionemaso.ru
chr86.aethionemaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.50/relations

1156206008.cupata.ru
691159144.macda.ru
86236166.macda.ru
decline68.alliumso.ru
denial18.alliumso.ru
denial9.alliumso.ru
denial99.alliumso.ru

# Reference: https://twitter.com/Cyber0verload/status/1689612317338587137

golador.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.97/relations

24defiant.trulazek.ru
25defeat.trulazek.ru
32defiant.trulazek.ru
45defy.trulazek.ru
71defiant.trulazek.ru
75defiant.trulazek.ru
80defy.trulazek.ru
b.vafikgo.ru
bicycle35.raidla.ru
couple85.brudimar.ru
encyclopedia83.samiseto.ru
enemies6.absorbeni.ru
gloomily67.gachagdo.ru
position7.nubiumbi.ru

# Reference: https://twitter.com/Cyber0verload/status/1691778814391595176

antarcticos.ru
atlanticos.ru
honota.ru
indianos.ru
tologam.ru
tulacon.ru

# Reference: https://twitter.com/Cyber0verload/status/1691784626958737562
# Reference: https://www.virustotal.com/gui/file/2769ce54ab811ff7c0fdf13078fa2a1aecefea18974f2960ce8a6ae58c5d0af4/
# Reference: https://www.virustotal.com/gui/file/ed38675db27922bc9f907fc331f0ed8786573892bd5da7552988546b13d1d2be/detection

stoppage.shredova.ru
beverley.stoppage.shredova.ru

# Reference: https://www.virustotal.com/gui/ip-address/94.228.125.57/relations

bikes.shredova.ru
shoot.bikes.shredova.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.253.218.191/relations

gloomily.shredova.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.124.206.167/relations

printing.shredova.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.56/relations

delusion73.atlanticos.ru

# Reference: https://twitter.com/fuyinglab/status/1692118737376460992
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.157/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.69/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.179/relations
# Reference: https://www.virustotal.com/gui/file/279b78b0bd66180eb547ca219cfbacdf7446133de296f078f30c619cfa42a922/detection

crisiumbi.ru
49defiant.trulazek.ru
59destroyer.anumbo.ru
88defiant.trulazek.ru
ambulance9.vloperang.ru
chr92.crisiumbi.ru
claimed34.osmanpo.ru
claimed61.osmanpo.ru
claimed76.osmanpo.ru
claimed94.osmanpo.ru
claimed98.osmanpo.ru
counsel62.danizho.ru
desk74.namibbo.ru
dim24.crisiumbi.ru
dim45.crisiumbi.ru
endeavour31.alpansa.ru
faithful48.absorbeni.ru
fallen41.undesirable.ru
fallen42.undesirable.ru
fallen50.undesirable.ru
if13.crisiumbi.ru
if17.crisiumbi.ru
if39.crisiumbi.ru
if43.crisiumbi.ru
if46.crisiumbi.ru
if54.crisiumbi.ru
if58.crisiumbi.ru
if66.crisiumbi.ru
if8.crisiumbi.ru
if88.crisiumbi.ru
loop50.crisiumbi.ru
loop71.crisiumbi.ru
pressure10.barakapi.ru
prickly10.vloperang.ru
prickly17.vloperang.ru
prickly2.vloperang.ru
prickly21.vloperang.ru
prickly23.vloperang.ru
prickly31.vloperang.ru
prickly39.vloperang.ru
prickly43.vloperang.ru
prickly44.vloperang.ru
prickly45.vloperang.ru
prickly62.vloperang.ru
prickly70.vloperang.ru
prickly72.vloperang.ru
prickly89.vloperang.ru
prickly90.vloperang.ru
prickly99.vloperang.ru
soul7.brudimar.ru
properties_94.crisiumbi.ru
shone.endeavour31.alpansa.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.217/relations

deliverance.remmaoso.ru
dim95.albacorepi.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.211/relations

deletefile62.marginisbi.ru
relations11.fushiguro.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.137/relations

position39.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.193/relations

2depended.remmaoso.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.85/relations

66deny.materialistic.ru
depths99.akyuldizpo.ru
send85.sabirpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.92/relations

30defiant.trulazek.ru
65defiant.trulazek.ru

# Reference: https://www.virustotal.com/gui/domain/marginisbi.ru/relations

chr58.marginisbi.ru
deletefile71.marginisbi.ru
function2.marginisbi.ru
function71.marginisbi.ru
function96.marginisbi.ru
set60.marginisbi.ru
set78.marginisbi.ru
type10.marginisbi.ru
type32.marginisbi.ru
type48.marginisbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.143/relations
# Reference: https://www.virustotal.com/gui/file/d2af7cb0a877821ca71cae977afd4827730d4cd8299a94c6b81ec3d8e02ae394/detection

amorous26.brudimar.ru
decree20.dashgynrho.ru
destroy61.basamdi.ru
each62.mansurgo.ru
glimpse7.raidla.ru
if37.crisiumbi.ru
mid71.myuridgo.ru
pretence83.raidla.ru

# Reference: https://www.virustotal.com/gui/domain/ulitron.ru/relations

71deeply.ulitron.ru
abdicating.ulitron.ru
abnegator.ulitron.ru
bbbb.ulitron.ru
phrenocostal.ulitron.ru

# Reference: https://www.virustotal.com/gui/ip-address/77.246.111.50/relations

100decline.oddzhiso.ru
10delicious.negevbo.ru
12demand.negevbo.ru
16delicious.negevbo.ru
17demand.negevbo.ru
26decay.razuiso.ru
33delicious.negevbo.ru
33denied.atacamabo.ru
34decay.razuiso.ru
37delicious.negevbo.ru
45delicious.negevbo.ru
47decay.razuiso.ru
49delicious.negevbo.ru
54delicious.negevbo.ru
67designs.negevbo.ru
71delicious.negevbo.ru
7designs.negevbo.ru
81designs.negevbo.ru
8delicious.negevbo.ru
93deep.rasimla.ru
95decay.razuiso.ru
along.fallen33.allaverdysa.ru
along.fallen92.allaverdysa.ru
ambulance62.vloperang.ru
createobject58.mudadazi.ru
decide27.neferzi.ru
decide42.neferzi.ru
decide55.neferzi.ru
decide92.neferzi.ru
declared46.stereotyped.ru
decorate17.namibbo.ru
decorate55.namibbo.ru
deer77.rufatpo.ru
defeated51.rufatpo.ru
defined24.dzhumoukpa.ru
defined29.dzhumoukpa.ru
defined47.dzhumoukpa.ru
defined79.dzhumoukpa.ru
delicate43.namibbo.ru
delicate64.namibbo.ru
den41.namibbo.ru
deploy38.rashidiso.ru
deploy41.rashidiso.ru
deploy62.rashidiso.ru
desperately90.aytyurkpo.ru
destruction43.orduhanpi.ru
dim16.nebtoizi.ru
eval56.mazhddo.ru
fallen33.allaverdysa.ru
fallen92.allaverdysa.ru
if71.bladefishpi.ru
lucius.salute37.ilkinbi.ru
position55.kyzylkumbo.ru
run55.gobibo.ru
run95.gobibo.ru
salute37.ilkinbi.ru
snifters.reniumo.ru
trivet.hydrogeniumo.ru
wscript16.ozaharso.ru
wscript28.ozaharso.ru
wscript30.ozaharso.ru
wscript31.ozaharso.ru
wscript70.kyzylkumbo.ru
wscript81.ozaharso.ru
wscript97.ozaharso.ru

# Reference: https://twitter.com/Cyber0verload/status/1694448759055306800

andamanos.ru
arabianos.ru
balticos.ru
barentsot.ru
beringos.ru
bourtos.ru
gutaram.ru
hopers.ru
maplils.ru
pacificos.ru
ragolum.ru
taraloa.ru
varakal.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.180.217/relations

if71.beringos.ru
len71.beringos.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.89/relations

007b9f33257f40a1ae9ad17e81497620.hopers.ru
09cb592b8982431fbdeba0d65dcedb47.hopers.ru
0b88948c8cc34efca2dfad9841aee4a5.vasimgo.ru
0fd3a83fa12b4f21b96c61e0791b2826.validgo.ru
186d133b21104f4e868a9ae94ac7a935.hopers.ru
210ff877f7564ec89c007bb38a04ab16.hopers.ru
30f3d529398441d0af8670ce65030a6c.vasimgo.ru
58f2918ff95a4a7286135b199117b01a.hopers.ru
5c141c6776e947f9b2ac471bff450a83.vasimgo.ru
5c4281b40a75490c891cb074b6c56afa.hopers.ru
7e7c938e66974e29a7d5daa5a7f1cf45.hopers.ru
7f6dab3f208342a6a6f22bef0417476d.vasimgo.ru
90ce7e69a46a42a4ad18de7764d63667.hopers.ru
99c68a0b2fc943d8b5343b36c70dd2c2.hopers.ru
9e7d776c40a446558bb5055fd2ebbb3f.hopers.ru
c02a9eb432de414e9864b43988e5a4bd.vasimgo.ru
c1a66cae6946494fbe4a946f9533fb71.hopers.ru
c20f6feef08e4ba3aa31ce8c3b60f6f3.hopers.ru
cf4fdb86c3f64385a7c496ccd53aa385.vasimgo.ru
cfd9c21221154df4b20077a095423f73.hopers.ru
d5198d62a7e741e19e5c4eb6ff0a9dc3.hopers.ru
d5fec964d1554ed49b49e80059edc90f.hopers.ru
deadc4aff3d743f1b22aeb4b147e8122.hopers.ru
f4ce8d8fe14f4bfd94565176e67b19e1.hopers.ru
f701dc14747343508b004373dc19e748.vasimgo.ru
faeb6b5ce2f04f4e912971ba9c8185f4.hopers.ru
fcf8edf19df14c61896c9d9cb2855860.hopers.ru

# Reference: https://twitter.com/Cyber0verload/status/1695025902780924153

kolidas.ru
pohudim.ru
tadrogim.ru
youdad.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.129/relations

29decency.intigambi.ru
function70.crisiumbi.ru
if42.crisiumbi.ru
position41.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.163/relations

family26.mohsenpo.ru
function71.crisiumbi.ru
prickly47.vloperang.ru
sale5.vusalgo.ru
sale93.vusalgo.ru
endurance.family26.mohsenpo.ru

# Reference: https://twitter.com/tosscoinwitcher/status/1696231936849797257

18deceptive.remmaoso.ru
20depended.remmaoso.ru
35defined.remmaoso.ru
40defined.remmaoso.ru
40delicious.remmaoso.ru
55depended.remmaoso.ru
57deliverance.remmaoso.ru
62descendant.remmaoso.ru
64deliverance.remmaoso.ru
68deliverance.remmaoso.ru
71depended.remmaoso.ru
75deep.remmaoso.ru
76defined.remmaoso.ru
77deliverance.remmaoso.ru
7desperate.remmaoso.ru
85deceptive.remmaoso.ru
91defect.remmaoso.ru
92defined.remmaoso.ru
92delicious.remmaoso.ru
99defect.remmaoso.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.180.217/relations

loop12.beringos.ru
loop21.beringos.ru
loop25.beringos.ru
loop38.beringos.ru
loop53.beringos.ru
loop59.beringos.ru
loop60.beringos.ru
loop91.beringos.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.119/relations

10deploy.alceaso.ru
33deploy.alceaso.ru
4deploy.alceaso.ru
55deploy.alceaso.ru
58deploy.alceaso.ru
70deploy.alceaso.ru
77deploy.alceaso.ru
88deploy.alceaso.ru
91deploy.alceaso.ru
getfile29.balticos.ru
send22.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.136/relations

asc72.arabianos.ru
getfile17.balticos.ru
getfile44.balticos.ru
loop7.arabianos.ru
loop88.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.104/relations
# Reference: https://www.virustotal.com/gui/file/fde3637ad202756805cc1e8800d6031f160c34744af632fa989ebd1737cb74bb/detection
# Reference: https://www.virustotal.com/gui/file/21411246ff3237dfce81cbe82966c4876a44c0961d834ce1c9578cd1aed8593d/detection

36deploy.alceaso.ru
87deploy.alceaso.ru
91deliverance.remmaoso.ru
redim55.acaenaso.ru
send64.arabianos.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1696622404485759404
# Reference: https://www.virustotal.com/gui/file/e4de676ddb2ef92816a587e0b9d73ad56fc03ed99f654f17577eafa5b068f6b9/detection

allow42.vilitord.ru
glowing70.vilitord.ru
principles67.vilitord.ru

# Reference: https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/Gamaredon_activity.pdf

deep.rashidiso.ru
deep17.wadibo.ru
deep22.rashidiso.ru
deep23.wadibo.ru
deep3.wadibo.ru
deep34.wadibo.ru
deep38.wadibo.ru
deep42.wadibo.ru
deep45.wadibo.ru
deep47.wadibo.ru
deep48.wadibo.ru
deep5.wadibo.ru
deep70.wadibo.ru
degrade72.humorumbi.ru
delightful.humorumbi.ru
demonstrate.rashidiso.ru
demonstration.wadibo.ru
departure.humorumbi.ru
departure47.humorumbi.ru
savetofile26.bakaripi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.124/relations

interest31.mamnungo.ru
registration.interest31.mamnungo.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.103/relations

1565746852.macda.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.215/relations
# Reference: https://www.virustotal.com/gui/file/7978dfa292d21185b87932fd6fcc98e32740a1f7797659b2b5d6261c6930b71f/detection

0wsw44lbs6.paramants.ru
691159144.macda.ru
86236166.macda.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.196/relations

158764971.macda.ru
689825124.macda.ru
96145517.macda.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.248.152.19/relations

522879681.macda.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.119.134/relations

1000061142.ganara.ru
1002139495.ganara.ru
1349098581.ganara.ru
1418823122.ganara.ru
1478217475.ganara.ru
1587633468.ganara.ru
2083798586.ganara.ru
2115155473.ganara.ru
281615063.ganara.ru
307495274.ganara.ru
417940731.ganara.ru
454007217.ganara.ru
57243892.ganara.ru
71.paramants.ru
711174337.ganara.ru
801406858.ganara.ru
811815876.ganara.ru
873515184.ganara.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.47/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.64/relations

22decisive.alceaso.ru
59deserted.razuiso.ru
claimed36.osmanpo.ru
claimed83.osmanpo.ru
each2.nubiumbi.ru
function534.crisiumbi.ru
getobject49.marginisbi.ru
if8.procellarumbi.ru
loop81.acaenaso.ru
position77.nubiumbi.ru
prickly56.vloperang.ru
prickly59.vloperang.ru
prickly71.vloperang.ru
send29.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.49/relations

1678502748.iraty.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.54/relations

urdevont.ru
deposit175.urdevont.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.103

encyclopenia83.samiseto.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.63/relations

encyclopedia.samiseto.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.234/relations

credomched.ru
lestemps.ru
decree29.urdevont.ru
deliberately14.lestemps.ru
deliberately19.lestemps.ru
deliberately35.lestemps.ru
deliberately50.lestemps.ru
deliberately55.lestemps.ru
deliberately77.lestemps.ru
des90.credomched.ru
desk14.lestemps.ru
desk30.lestemps.ru
desk38.lestemps.ru
desk48.lestemps.ru
desk70.lestemps.ru
desk9.lestemps.ru
desk98.lestemps.ru
despair70.lestemps.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.227/relations

despise78.lestemps.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.231/relations

67delirium.unequaled.ru
asc47.acaenaso.ru
prick77.brudimar.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.228/relations

naughty59.omariso.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.239/relations

asc44.acaenaso.ru
deletefile39.marginisbi.ru
type66.marginisbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.244/relations

prickly14.vloperang.ru
sleep70.suizibel.ru

# Reference: https://twitter.com/Cyber0verload/status/1700502854073463070
# Reference: https://www.virustotal.com/gui/file/4a9949e519246c5e4471f7b06f63acb7543bb4904f7f7ef6bb2e33830f47cceb/detection

preview98.vloperang.ru
prickly19.vloperang.ru
prickly20.vloperang.ru
prickly34.vloperang.ru
prickly38.vloperang.ru
prickly41.vloperang.ru
prickly46.vloperang.ru
prickly50.vloperang.ru
prickly52.vloperang.ru
prickly67.vloperang.ru
prickly68.vloperang.ru
prickly7.vloperang.ru
prickly74.vloperang.ru
prickly75.vloperang.ru
prickly8.vloperang.ru
prickly80.vloperang.ru
prickly81.vloperang.ru
prickly85.vloperang.ru
prickly86.vloperang.ru
prickly87.vloperang.ru
prickly88.vloperang.ru
prickly96.vloperang.ru
prickly98.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.242/relations

to13.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.51/relations

16defiant.alceaso.ru
to14.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.75/relations
# Reference: https://www.virustotal.com/gui/file/81f7360302e4dcc3e315ac51b0ab1945004809cad1e622ad7a7452889dad3bd7/detection

14deliverance.remmaoso.ru
openastextstream99.acaenaso.ru
to72.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.108.249/relations

deletefile29.marginisbi.ru
type38.marginisbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.116/relations

if94.crisiumbi.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1704812301256135106
# Reference: https://www.virustotal.com/gui/file/4772f52463ffa414c9845f2eb3f0c70852010d4093749dd232ff3f9e910bf33f/detection

b.wokoras.ru
intelligence56.wokoras.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.170/relations

defined49.urdevont.ru
despair6.ragibpo.ru
destroy66.basamdi.ru
fileexists4.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.51/relations
# Reference: https://www.virustotal.com/gui/file/4b4bc5bcc084f735459f7f1927b3da850fc2b1fc816bf06238bc4950f197eead/detection
# Reference: https://www.virustotal.com/gui/file/a616507e85db735d0ce8db681feab2dc993a4168ebe0e71fc505352e1802646b/detection

http://85.159.229.31
progerod.ru
19delayed.alceaso.ru
32delayed.alceaso.ru
40delayed.alceaso.ru
58delayed.alceaso.ru
71delight.progerod.ru
72delayed.alceaso.ru
adcvidusofo.dakareypa.ru
asc1.ozaharso.ru
asc10.ozaharso.ru
asc11.ozaharso.ru
asc13.ozaharso.ru
asc14.ozaharso.ru
asc15.ozaharso.ru
asc16.ozaharso.ru
asc18.ozaharso.ru
asc19.ozaharso.ru
asc2.ozaharso.ru
asc20.ozaharso.ru
asc21.ozaharso.ru
asc22.ozaharso.ru
asc23.acaenaso.ru
asc23.ozaharso.ru
asc24.ozaharso.ru
asc26.ozaharso.ru
asc28.ozaharso.ru
asc29.ozaharso.ru
asc30.ozaharso.ru
asc31.ozaharso.ru
asc32.ozaharso.ru
asc35.ozaharso.ru
asc36.ozaharso.ru
asc37.ozaharso.ru
asc4.ozaharso.ru
asc42.ozaharso.ru
asc43.ozaharso.ru
asc45.ozaharso.ru
asc46.ozaharso.ru
asc48.ozaharso.ru
asc49.ozaharso.ru
asc5.ozaharso.ru
asc51.ozaharso.ru
asc52.ozaharso.ru
asc54.ozaharso.ru
asc55.ozaharso.ru
asc56.ozaharso.ru
asc6.ozaharso.ru
asc60.ozaharso.ru
asc61.nubiumbi.ru
asc61.ozaharso.ru
asc62.ozaharso.ru
asc63.ozaharso.ru
asc65.ozaharso.ru
asc66.ozaharso.ru
asc67.ozaharso.ru
asc68.ozaharso.ru
asc69.ozaharso.ru
asc7.ozaharso.ru
asc70.ozaharso.ru
asc71.ozaharso.ru
asc72.ozaharso.ru
asc73.ozaharso.ru
asc74.ozaharso.ru
asc75.ozaharso.ru
asc8.ozaharso.ru
asc80.ozaharso.ru
asc81.ozaharso.ru
asc82.ozaharso.ru
asc85.ozaharso.ru
asc86.ozaharso.ru
asc88.ozaharso.ru
asc9.ozaharso.ru
asc90.ozaharso.ru
asc91.ozaharso.ru
asc92.ozaharso.ru
asc93.ozaharso.ru
asc94.ozaharso.ru
asc97.ozaharso.ru
asc98.ozaharso.ru
asc99.ozaharso.ru
bmakrqpvuwi.suizibel.ru
close1.nubiumbi.ru
close11.nubiumbi.ru
close14.nubiumbi.ru
close17.nubiumbi.ru
close19.nubiumbi.ru
close21.nubiumbi.ru
close22.nubiumbi.ru
close23.nubiumbi.ru
close29.nubiumbi.ru
close3.nubiumbi.ru
close32.nubiumbi.ru
close33.nubiumbi.ru
close36.nubiumbi.ru
close37.nubiumbi.ru
close38.nubiumbi.ru
close39.nubiumbi.ru
close40.nubiumbi.ru
close43.nubiumbi.ru
close45.nubiumbi.ru
close47.nubiumbi.ru
close48.nubiumbi.ru
close50.nubiumbi.ru
close52.nubiumbi.ru
close55.nubiumbi.ru
close56.nubiumbi.ru
close58.nubiumbi.ru
close59.nubiumbi.ru
close61.nubiumbi.ru
close66.nubiumbi.ru
close67.nubiumbi.ru
close68.nubiumbi.ru
close70.nubiumbi.ru
close72.nubiumbi.ru
close73.nubiumbi.ru
close75.nubiumbi.ru
close77.nubiumbi.ru
close81.nubiumbi.ru
close83.nubiumbi.ru
close84.nubiumbi.ru
close86.nubiumbi.ru
close87.nubiumbi.ru
close89.nubiumbi.ru
close9.nubiumbi.ru
close90.nubiumbi.ru
close92.nubiumbi.ru
close94.nubiumbi.ru
close97.nubiumbi.ru
close98.nubiumbi.ru
close99.nubiumbi.ru
deletefile.dzhafarho.ru
deletefile1.acaenaso.ru
deletefile1.dzhafarho.ru
deletefile10.ozaharso.ru
deletefile100.nubiumbi.ru
deletefile11.ozaharso.ru
deletefile12.ozaharso.ru
deletefile13.acaenaso.ru
deletefile14.ozaharso.ru
deletefile15.dzhafarho.ru
deletefile15.ozaharso.ru
deletefile17.nubiumbi.ru
deletefile17.ozaharso.ru
deletefile19.ozaharso.ru
deletefile20.nubiumbi.ru
deletefile20.ozaharso.ru
deletefile22.acaenaso.ru
deletefile23.acaenaso.ru
deletefile23.nubiumbi.ru
deletefile23.ozaharso.ru
deletefile25.ozaharso.ru
deletefile28.nubiumbi.ru
deletefile29.nubiumbi.ru
deletefile29.ozaharso.ru
deletefile3.nubiumbi.ru
deletefile30.acaenaso.ru
deletefile30.nubiumbi.ru
deletefile30.ozaharso.ru
deletefile32.ozaharso.ru
deletefile33.ozaharso.ru
deletefile35.ozaharso.ru
deletefile36.nubiumbi.ru
deletefile36.ozaharso.ru
deletefile37.nubiumbi.ru
deletefile37.ozaharso.ru
deletefile38.acaenaso.ru
deletefile38.nubiumbi.ru
deletefile38.ozaharso.ru
deletefile39.nubiumbi.ru
deletefile40.nubiumbi.ru
deletefile41.acaenaso.ru
deletefile41.ozaharso.ru
deletefile42.ozaharso.ru
deletefile43.ozaharso.ru
deletefile44.nubiumbi.ru
deletefile44.ozaharso.ru
deletefile45.ozaharso.ru
deletefile47.acaenaso.ru
deletefile5.ozaharso.ru
deletefile50.dzhafarho.ru
deletefile50.nubiumbi.ru
deletefile50.ozaharso.ru
deletefile52.acaenaso.ru
deletefile52.ozaharso.ru
deletefile53.nubiumbi.ru
deletefile53.ozaharso.ru
deletefile54.ozaharso.ru
deletefile55.acaenaso.ru
deletefile55.ozaharso.ru
deletefile56.ozaharso.ru
deletefile58.ozaharso.ru
deletefile59.nubiumbi.ru
deletefile59.ozaharso.ru
deletefile6.acaenaso.ru
deletefile6.ozaharso.ru
deletefile61.nubiumbi.ru
deletefile61.ozaharso.ru
deletefile63.acaenaso.ru
deletefile64.acaenaso.ru
deletefile64.ozaharso.ru
deletefile65.ozaharso.ru
deletefile67.nubiumbi.ru
deletefile67.ozaharso.ru
deletefile68.nubiumbi.ru
deletefile69.nubiumbi.ru
deletefile7.nubiumbi.ru
deletefile7.ozaharso.ru
deletefile73.nubiumbi.ru
deletefile73.ozaharso.ru
deletefile75.ozaharso.ru
deletefile76.ozaharso.ru
deletefile77.ozaharso.ru
deletefile78.ozaharso.ru
deletefile79.nubiumbi.ru
deletefile79.ozaharso.ru
deletefile8.ozaharso.ru
deletefile80.nubiumbi.ru
deletefile80.ozaharso.ru
deletefile81.nubiumbi.ru
deletefile82.nubiumbi.ru
deletefile83.dzhafarho.ru
deletefile83.ozaharso.ru
deletefile86.nubiumbi.ru
deletefile86.ozaharso.ru
deletefile87.nubiumbi.ru
deletefile87.ozaharso.ru
deletefile89.nubiumbi.ru
deletefile9.ozaharso.ru
deletefile90.ozaharso.ru
deletefile91.ozaharso.ru
deletefile93.nubiumbi.ru
deletefile94.ozaharso.ru
deletefile95.ozaharso.ru
deletefile96.nubiumbi.ru
deletefile96.ozaharso.ru
deletefile97.acaenaso.ru
deletefile97.ozaharso.ru
deletefile98.ozaharso.ru
dim1.suizibel.ru
dim100.suizibel.ru
dim11.suizibel.ru
dim12.suizibel.ru
dim13.suizibel.ru
dim14.suizibel.ru
dim15.suizibel.ru
dim16.suizibel.ru
dim18.suizibel.ru
dim19.suizibel.ru
dim2.suizibel.ru
dim20.suizibel.ru
dim21.dakareypa.ru
dim21.suizibel.ru
dim23.suizibel.ru
dim25.suizibel.ru
dim26.dakareypa.ru
dim26.suizibel.ru
dim27.suizibel.ru
dim29.suizibel.ru
dim3.suizibel.ru
dim30.suizibel.ru
dim31.suizibel.ru
dim32.suizibel.ru
dim33.suizibel.ru
dim34.suizibel.ru
dim36.suizibel.ru
dim37.suizibel.ru
dim39.suizibel.ru
dim4.suizibel.ru
dim40.suizibel.ru
dim41.suizibel.ru
dim42.suizibel.ru
dim43.suizibel.ru
dim44.suizibel.ru
dim45.suizibel.ru
dim46.suizibel.ru
dim47.suizibel.ru
dim48.suizibel.ru
dim49.suizibel.ru
dim5.suizibel.ru
dim50.suizibel.ru
dim51.suizibel.ru
dim52.dakareypa.ru
dim53.suizibel.ru
dim54.suizibel.ru
dim55.suizibel.ru
dim56.suizibel.ru
dim57.suizibel.ru
dim59.dakareypa.ru
dim6.suizibel.ru
dim60.suizibel.ru
dim62.suizibel.ru
dim63.dakareypa.ru
dim65.suizibel.ru
dim66.suizibel.ru
dim68.suizibel.ru
dim69.suizibel.ru
dim7.suizibel.ru
dim70.suizibel.ru
dim72.suizibel.ru
dim73.suizibel.ru
dim74.suizibel.ru
dim76.suizibel.ru
dim77.suizibel.ru
dim78.suizibel.ru
dim79.suizibel.ru
dim80.suizibel.ru
dim81.suizibel.ru
dim82.suizibel.ru
dim84.suizibel.ru
dim85.suizibel.ru
dim86.suizibel.ru
dim87.suizibel.ru
dim88.suizibel.ru
dim89.dakareypa.ru
dim89.suizibel.ru
dim90.suizibel.ru
dim91.suizibel.ru
dim92.suizibel.ru
dim93.suizibel.ru
dim94.suizibel.ru
dim95.suizibel.ru
dim96.suizibel.ru
dim97.suizibel.ru
dim98.suizibel.ru
dim99.suizibel.ru
do1.acaenaso.ru
do100.acaenaso.ru
do16.acaenaso.ru
do17.acaenaso.ru
do18.acaenaso.ru
do20.acaenaso.ru
do21.acaenaso.ru
do22.acaenaso.ru
do23.acaenaso.ru
do24.acaenaso.ru
do26.acaenaso.ru
do27.acaenaso.ru
do28.nubiumbi.ru
do29.acaenaso.ru
do29.nubiumbi.ru
do3.acaenaso.ru
do32.acaenaso.ru
do33.acaenaso.ru
do34.acaenaso.ru
do37.acaenaso.ru
do38.acaenaso.ru
do39.acaenaso.ru
do4.acaenaso.ru
do40.acaenaso.ru
do41.acaenaso.ru
do43.acaenaso.ru
do44.acaenaso.ru
do45.acaenaso.ru
do46.acaenaso.ru
do49.acaenaso.ru
do5.acaenaso.ru
do51.acaenaso.ru
do52.acaenaso.ru
do52.nubiumbi.ru
do54.acaenaso.ru
do56.acaenaso.ru
do57.acaenaso.ru
do59.acaenaso.ru
do60.acaenaso.ru
do61.acaenaso.ru
do63.acaenaso.ru
do64.acaenaso.ru
do65.acaenaso.ru
do67.acaenaso.ru
do68.acaenaso.ru
do69.acaenaso.ru
do7.acaenaso.ru
do70.acaenaso.ru
do70.nubiumbi.ru
do71.acaenaso.ru
do73.acaenaso.ru
do74.acaenaso.ru
do75.acaenaso.ru
do76.acaenaso.ru
do77.acaenaso.ru
do78.acaenaso.ru
do79.acaenaso.ru
do8.acaenaso.ru
do81.acaenaso.ru
do82.acaenaso.ru
do83.acaenaso.ru
do85.nubiumbi.ru
do86.acaenaso.ru
do87.acaenaso.ru
do88.acaenaso.ru
do9.acaenaso.ru
do90.acaenaso.ru
do92.acaenaso.ru
do93.acaenaso.ru
do94.acaenaso.ru
do95.acaenaso.ru
do97.acaenaso.ru
do99.acaenaso.ru
each16.nubiumbi.ru
each17.acaenaso.ru
each22.nubiumbi.ru
each33.acaenaso.ru
each46.acaenaso.ru
each54.nubiumbi.ru
each74.nubiumbi.ru
each81.acaenaso.ru
each89.acaenaso.ru
each90.nubiumbi.ru
encyclopedia47.raidla.ru
expandenvironmentstrings32.nubiumbi.ru
expandenvironmentstrings75.nubiumbi.ru
fileexists21.nubiumbi.ru
fileexists36.nubiumbi.ru
fileexists61.acaenaso.ru
fileexists61.nubiumbi.ru
fileexists69.nubiumbi.ru
for10.acaenaso.ru
for12.acaenaso.ru
for13.acaenaso.ru
for14.acaenaso.ru
for14.nubiumbi.ru
for15.acaenaso.ru
for16.acaenaso.ru
for16.nubiumbi.ru
for17.acaenaso.ru
for18.acaenaso.ru
for19.acaenaso.ru
for19.nubiumbi.ru
for20.acaenaso.ru
for21.acaenaso.ru
for22.acaenaso.ru
for23.acaenaso.ru
for24.acaenaso.ru
for25.acaenaso.ru
for27.acaenaso.ru
for28.acaenaso.ru
for29.acaenaso.ru
for30.acaenaso.ru
for31.acaenaso.ru
for33.acaenaso.ru
for34.acaenaso.ru
for34.nubiumbi.ru
for35.acaenaso.ru
for36.acaenaso.ru
for37.acaenaso.ru
for38.acaenaso.ru
for4.acaenaso.ru
for40.acaenaso.ru
for41.acaenaso.ru
for43.acaenaso.ru
for44.acaenaso.ru
for46.acaenaso.ru
for47.acaenaso.ru
for49.acaenaso.ru
for5.acaenaso.ru
for50.acaenaso.ru
for51.acaenaso.ru
for54.acaenaso.ru
for55.acaenaso.ru
for56.acaenaso.ru
for57.acaenaso.ru
for58.acaenaso.ru
for59.acaenaso.ru
for6.acaenaso.ru
for60.acaenaso.ru
for61.acaenaso.ru
for62.acaenaso.ru
for64.acaenaso.ru
for65.acaenaso.ru
for65.nubiumbi.ru
for66.acaenaso.ru
for66.nubiumbi.ru
for67.acaenaso.ru
for68.acaenaso.ru
for69.acaenaso.ru
for7.acaenaso.ru
for71.acaenaso.ru
for72.acaenaso.ru
for73.acaenaso.ru
for73.nubiumbi.ru
for74.acaenaso.ru
for75.acaenaso.ru
for77.acaenaso.ru
for78.acaenaso.ru
for8.nubiumbi.ru
for80.acaenaso.ru
for80.nubiumbi.ru
for81.acaenaso.ru
for83.acaenaso.ru
for84.nubiumbi.ru
for86.acaenaso.ru
for89.acaenaso.ru
for92.acaenaso.ru
for93.acaenaso.ru
for94.acaenaso.ru
for95.acaenaso.ru
for96.acaenaso.ru
for97.acaenaso.ru
for98.acaenaso.ru
for99.acaenaso.ru
getfile13.nubiumbi.ru
getfile18.nubiumbi.ru
getfile23.nubiumbi.ru
getfile24.nubiumbi.ru
getfile42.nubiumbi.ru
getfile5.nubiumbi.ru
getfile52.nubiumbi.ru
getfile7.nubiumbi.ru
getfile77.nubiumbi.ru
getfile81.nubiumbi.ru
getobject18.acaenaso.ru
getobject69.acaenaso.ru
if1.nubiumbi.ru
if100.nubiumbi.ru
if11.nubiumbi.ru
if17.nubiumbi.ru
if18.nubiumbi.ru
if19.nubiumbi.ru
if21.nubiumbi.ru
if23.nubiumbi.ru
if29.nubiumbi.ru
if30.nubiumbi.ru
if31.nubiumbi.ru
if32.nubiumbi.ru
if34.nubiumbi.ru
if35.nubiumbi.ru
if37.nubiumbi.ru
if38.nubiumbi.ru
if4.nubiumbi.ru
if40.nubiumbi.ru
if42.nubiumbi.ru
if45.nubiumbi.ru
if46.nubiumbi.ru
if50.nubiumbi.ru
if54.nubiumbi.ru
if57.nubiumbi.ru
if6.nubiumbi.ru
if60.nubiumbi.ru
if62.nubiumbi.ru
if63.nubiumbi.ru
if66.acaenaso.ru
if68.nubiumbi.ru
if70.nubiumbi.ru
if73.nubiumbi.ru
if74.nubiumbi.ru
if75.nubiumbi.ru
if79.nubiumbi.ru
if8.nubiumbi.ru
if82.nubiumbi.ru
if84.nubiumbi.ru
if85.nubiumbi.ru
if89.nubiumbi.ru
if93.nubiumbi.ru
if94.nubiumbi.ru
if95.nubiumbi.ru
if99.nubiumbi.ru
len55.nubiumbi.ru
len78.nubiumbi.ru
loop42.nubiumbi.ru
loop58.ozaharso.ru
mail.dakareypa.ru
mid14.suizibel.ru
mid16.suizibel.ru
mid17.suizibel.ru
mid18.suizibel.ru
mid3.suizibel.ru
mid31.suizibel.ru
mid34.suizibel.ru
mid36.suizibel.ru
mid40.suizibel.ru
mid44.suizibel.ru
mid52.suizibel.ru
mid67.suizibel.ru
mid71.suizibel.ru
mid76.suizibel.ru
mid89.suizibel.ru
mid9.suizibel.ru
openastextstream16.nubiumbi.ru
openastextstream18.nubiumbi.ru
openastextstream29.nubiumbi.ru
openastextstream37.nubiumbi.ru
openastextstream42.nubiumbi.ru
openastextstream51.nubiumbi.ru
openastextstream57.nubiumbi.ru
openastextstream66.nubiumbi.ru
openastextstream67.nubiumbi.ru
openastextstream7.nubiumbi.ru
openastextstream72.nubiumbi.ru
openastextstream75.nubiumbi.ru
openastextstream88.nubiumbi.ru
openastextstream92.nubiumbi.ru
openastextstream94.nubiumbi.ru
position23.ozaharso.ru
position27.nubiumbi.ru
position29.ozaharso.ru
position32.ozaharso.ru
position37.ozaharso.ru
position39.ozaharso.ru
position48.ozaharso.ru
position51.nubiumbi.ru
position51.ozaharso.ru
position55.nubiumbi.ru
position56.ozaharso.ru
position58.ozaharso.ru
position6.ozaharso.ru
position60.ozaharso.ru
position62.ozaharso.ru
position63.nubiumbi.ru
position71.ozaharso.ru
position72.ozaharso.ru
position73.ozaharso.ru
position74.nubiumbi.ru
position75.ozaharso.ru
position83.ozaharso.ru
position86.ozaharso.ru
position9.ozaharso.ru
position92.ozaharso.ru
position96.nubiumbi.ru
position96.ozaharso.ru
properties_28.nubiumbi.ru
read1.nubiumbi.ru
read100.nubiumbi.ru
read27.nubiumbi.ru
read33.nubiumbi.ru
read60.nubiumbi.ru
read66.acaenaso.ru
read66.nubiumbi.ru
read77.acaenaso.ru
read89.nubiumbi.ru
read97.acaenaso.ru
read97.nubiumbi.ru
redim10.acaenaso.ru
redim39.acaenaso.ru
redim40.acaenaso.ru
redim56.acaenaso.ru
redim76.acaenaso.ru
responsebody13.nubiumbi.ru
responsebody14.nubiumbi.ru
responsebody17.nubiumbi.ru
responsebody18.nubiumbi.ru
responsebody2.nubiumbi.ru
responsebody26.nubiumbi.ru
responsebody3.nubiumbi.ru
responsebody30.nubiumbi.ru
responsebody31.nubiumbi.ru
responsebody33.nubiumbi.ru
responsebody40.nubiumbi.ru
responsebody42.nubiumbi.ru
responsebody43.nubiumbi.ru
responsebody44.nubiumbi.ru
responsebody45.nubiumbi.ru
responsebody47.nubiumbi.ru
responsebody5.nubiumbi.ru
responsebody64.nubiumbi.ru
responsebody66.nubiumbi.ru
responsebody68.nubiumbi.ru
responsebody77.nubiumbi.ru
responsebody79.nubiumbi.ru
responsebody80.nubiumbi.ru
responsebody81.nubiumbi.ru
responsebody88.nubiumbi.ru
responsebody89.nubiumbi.ru
responsebody9.nubiumbi.ru
responsebody93.nubiumbi.ru
responsebody94.nubiumbi.ru
savetofile15.nubiumbi.ru
savetofile19.nubiumbi.ru
savetofile27.nubiumbi.ru
savetofile28.nubiumbi.ru
savetofile3.nubiumbi.ru
savetofile37.nubiumbi.ru
savetofile50.nubiumbi.ru
savetofile56.nubiumbi.ru
savetofile65.nubiumbi.ru
savetofile75.nubiumbi.ru
savetofile84.nubiumbi.ru
savetofile87.nubiumbi.ru
sber.dakareypa.ru
sberbank.dakareypa.ru
sdek.dakareypa.ru
send44.nubiumbi.ru
set10.suizibel.ru
set11.nubiumbi.ru
set33.suizibel.ru
set38.suizibel.ru
set40.suizibel.ru
set45.nubiumbi.ru
set50.suizibel.ru
set56.nubiumbi.ru
set7.suizibel.ru
set78.nubiumbi.ru
set8.nubiumbi.ru
set8.suizibel.ru
set87.nubiumbi.ru
set9.nubiumbi.ru
set90.suizibel.ru
set94.suizibel.ru
sleep10.ozaharso.ru
sleep11.ozaharso.ru
sleep16.ozaharso.ru
sleep17.ozaharso.ru
sleep25.ozaharso.ru
sleep26.ozaharso.ru
sleep31.ozaharso.ru
sleep32.ozaharso.ru
sleep34.ozaharso.ru
sleep44.ozaharso.ru
sleep46.acaenaso.ru
sleep56.ozaharso.ru
sleep57.ozaharso.ru
sleep62.nubiumbi.ru
sleep64.ozaharso.ru
sleep67.ozaharso.ru
sleep68.ozaharso.ru
sleep70.ozaharso.ru
sleep81.nubiumbi.ru
sleep86.ozaharso.ru
sleep87.ozaharso.ru
sleep90.ozaharso.ru
sleep92.ozaharso.ru
sleep99.ozaharso.ru
smtp.dakareypa.ru
thsid.dakareypa.ru
to1.acaenaso.ru
to11.acaenaso.ru
to12.acaenaso.ru
to16.acaenaso.ru
to19.acaenaso.ru
to20.acaenaso.ru
to21.acaenaso.ru
to22.acaenaso.ru
to23.acaenaso.ru
to24.acaenaso.ru
to26.acaenaso.ru
to28.acaenaso.ru
to3.acaenaso.ru
to30.acaenaso.ru
to31.acaenaso.ru
to32.acaenaso.ru
to34.acaenaso.ru
to37.acaenaso.ru
to38.acaenaso.ru
to39.acaenaso.ru
to4.acaenaso.ru
to42.acaenaso.ru
to48.acaenaso.ru
to5.acaenaso.ru
to50.acaenaso.ru
to53.acaenaso.ru
to56.acaenaso.ru
to57.acaenaso.ru
to58.acaenaso.ru
to59.acaenaso.ru
to6.acaenaso.ru
to61.acaenaso.ru
to62.acaenaso.ru
to63.acaenaso.ru
to64.acaenaso.ru
to65.acaenaso.ru
to67.acaenaso.ru
to69.acaenaso.ru
to71.acaenaso.ru
to73.acaenaso.ru
to75.acaenaso.ru
to77.acaenaso.ru
to78.acaenaso.ru
to79.acaenaso.ru
to82.acaenaso.ru
to84.acaenaso.ru
to85.acaenaso.ru
to88.acaenaso.ru
to89.acaenaso.ru
to9.acaenaso.ru
to90.acaenaso.ru
to91.acaenaso.ru
to94.acaenaso.ru
type1.suizibel.ru
type10.suizibel.ru
type100.suizibel.ru
type12.suizibel.ru
type13.suizibel.ru
type15.suizibel.ru
type19.suizibel.ru
type23.suizibel.ru
type24.suizibel.ru
type26.suizibel.ru
type27.suizibel.ru
type28.suizibel.ru
type29.suizibel.ru
type30.suizibel.ru
type31.suizibel.ru
type32.suizibel.ru
type33.suizibel.ru
type34.suizibel.ru
type35.suizibel.ru
type36.suizibel.ru
type37.suizibel.ru
type39.suizibel.ru
type4.suizibel.ru
type41.suizibel.ru
type42.suizibel.ru
type43.suizibel.ru
type45.suizibel.ru
type46.suizibel.ru
type48.suizibel.ru
type49.suizibel.ru
type5.suizibel.ru
type50.suizibel.ru
type51.suizibel.ru
type52.suizibel.ru
type53.suizibel.ru
type54.suizibel.ru
type55.suizibel.ru
type56.suizibel.ru
type57.suizibel.ru
type58.suizibel.ru
type59.suizibel.ru
type6.suizibel.ru
type60.suizibel.ru
type62.suizibel.ru
type63.suizibel.ru
type64.suizibel.ru
type65.suizibel.ru
type66.suizibel.ru
type67.suizibel.ru
type7.suizibel.ru
type71.suizibel.ru
type72.suizibel.ru
type73.suizibel.ru
type76.suizibel.ru
type79.suizibel.ru
type80.suizibel.ru
type81.suizibel.ru
type82.suizibel.ru
type83.suizibel.ru
type84.suizibel.ru
type85.suizibel.ru
type86.suizibel.ru
type88.suizibel.ru
type9.suizibel.ru
type90.suizibel.ru
type92.suizibel.ru
type93.suizibel.ru
type94.suizibel.ru
type95.suizibel.ru
type98.suizibel.ru
type99.suizibel.ru
until100.nubiumbi.ru
until11.nubiumbi.ru
until13.nubiumbi.ru
until14.nubiumbi.ru
until33.nubiumbi.ru
until49.nubiumbi.ru
until60.nubiumbi.ru
until63.nubiumbi.ru
until72.nubiumbi.ru
until73.nubiumbi.ru
until77.nubiumbi.ru
until80.nubiumbi.ru
until83.nubiumbi.ru
until87.nubiumbi.ru
until96.nubiumbi.ru
visible72.nubiumbi.ru
visible79.nubiumbi.ru
while1.atonpi.ru
while10.atonpi.ru
while100.atonpi.ru
while11.atonpi.ru
while12.atonpi.ru
while13.atonpi.ru
while14.atonpi.ru
while15.atonpi.ru
while16.atonpi.ru
while17.atonpi.ru
while18.atonpi.ru
while19.atonpi.ru
while2.atonpi.ru
while20.atonpi.ru
while21.atonpi.ru
while22.atonpi.ru
while23.atonpi.ru
while24.atonpi.ru
while25.atonpi.ru
while26.atonpi.ru
while27.atonpi.ru
while28.atonpi.ru
while29.atonpi.ru
while3.atonpi.ru
while30.atonpi.ru
while31.atonpi.ru
while32.atonpi.ru
while33.atonpi.ru
while34.atonpi.ru
while35.atonpi.ru
while36.atonpi.ru
while37.atonpi.ru
while38.atonpi.ru
while39.atonpi.ru
while4.atonpi.ru
while40.atonpi.ru
while41.atonpi.ru
while42.atonpi.ru
while43.atonpi.ru
while44.atonpi.ru
while45.atonpi.ru
while46.atonpi.ru
while47.atonpi.ru
while49.atonpi.ru
while5.atonpi.ru
while50.atonpi.ru
while51.atonpi.ru
while52.atonpi.ru
while53.atonpi.ru
while54.atonpi.ru
while59.atonpi.ru
while6.atonpi.ru
while60.atonpi.ru
while61.atonpi.ru
while62.atonpi.ru
while64.atonpi.ru
while65.atonpi.ru
while66.atonpi.ru
while68.atonpi.ru
while69.atonpi.ru
while7.atonpi.ru
while70.atonpi.ru
while71.atonpi.ru
while72.atonpi.ru
while73.atonpi.ru
while74.atonpi.ru
while75.atonpi.ru
while76.atonpi.ru
while77.atonpi.ru
while78.atonpi.ru
while79.atonpi.ru
while8.atonpi.ru
while80.atonpi.ru
while81.atonpi.ru
while82.atonpi.ru
while83.atonpi.ru
while84.atonpi.ru
while85.atonpi.ru
while86.atonpi.ru
while87.atonpi.ru
while88.atonpi.ru
while89.atonpi.ru
while9.atonpi.ru
while90.atonpi.ru
while91.atonpi.ru
while93.atonpi.ru
while94.atonpi.ru
while95.atonpi.ru
while96.atonpi.ru
while97.atonpi.ru
while98.atonpi.ru
while99.atonpi.ru
write19.nubiumbi.ru
write21.nubiumbi.ru
write22.acaenaso.ru
write28.nubiumbi.ru
write29.acaenaso.ru
write34.acaenaso.ru
write35.nubiumbi.ru
write52.nubiumbi.ru
write6.nubiumbi.ru
write61.acaenaso.ru
write67.acaenaso.ru
write70.acaenaso.ru
write73.nubiumbi.ru
write78.acaenaso.ru
write8.nubiumbi.ru
write80.nubiumbi.ru
write84.nubiumbi.ru
write87.acaenaso.ru
write95.nubiumbi.ru
write97.nubiumbi.ru
write98.acaenaso.ru
wscript61.ozaharso.ru
wscript84.ozaharso.ru
xor17.nubiumbi.ru
xor42.acaenaso.ru
xor50.nubiumbi.ru
xor52.nubiumbi.ru
xor54.nubiumbi.ru
xor73.acaenaso.ru
xor74.acaenaso.ru
/intimate19/incomprehensible.3ds
/intimate40/incomprehensible.3ds
/incomprehensible.3ds

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.8/relations

dependant68.acorusso.ru
deployment5.malived.ru
deserve80.pacificos.ru
if71.acaenaso.ru
len79.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.107/relations
# Reference: https://www.virustotal.com/gui/file/032d134d145c3047f56e936431a0aefd89ba56ba2bd3101c27bb002298addc88/detection

15decidedly.progerod.ru
falling85.garibdo.ru
lucky.falling85.garibdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.122/relations

74deeply.progerod.ru
fileexists25.nubiumbi.ru
fileexists86.nubiumbi.ru
glowing86.lamentable.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.76/relations
# Reference: https://www.virustotal.com/gui/file/f4bba395a6efef4b2e940dc93cea9974ffd0a5d2bd3b714b03cd2170793c11b7/detection

http://31.129.22.149
voulumonte.ru
xenophorm.ru
12decency.barentsot.ru
17deep.alceaso.ru
19decency.barentsot.ru
21decency.barentsot.ru
23deeply.progerod.ru
2decency.barentsot.ru
32decency.barentsot.ru
35decency.barentsot.ru
41decency.barentsot.ru
45decency.barentsot.ru
49decency.barentsot.ru
4decency.barentsot.ru
56decency.barentsot.ru
61decency.barentsot.ru
71deep.alceaso.ru
72decency.barentsot.ru
74deeply.progerod.ru
7decency.barentsot.ru
83decency.barentsot.ru
close22.beringos.ru
dedicate10.voulumonte.ru
delivered15.pacificos.ru
info.xenophorm.ru
len19.beringos.ru
/sntentional52/index.html
/snterior69/index.html

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.105/relations

19deeply.progerod.ru
reins21.judicious.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.146/relations

eval98.andamanos.ru
set28.xenophorm.ru

# Reference: https://twitter.com/PratimaLohar/status/1709527492292182070
# Reference: https://www.virustotal.com/gui/file/b02ace8b93a948e4ee3c51df13a637f39e07793e64a553b1e679dab479e2544b/detection

endless28.filikato.ru

# Reference: https://www.virustotal.com/gui/ip-address/77.246.111.46/relations

15defy.trulazek.ru

# Reference: https://twitter.com/Cyber0verload/status/1711459754839531722
# Reference: https://www.virustotal.com/gui/file/890ae254b3f87bab8f33017ae6554deaa2468f670e07b81e6cefbc94baa3e63b/detection

aquariusso.ru
41delicious.aquariusso.ru
savetofile71.beringos.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.31/relations

set71.beringos.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.12/relations

amber40.gaplando.ru

# Reference: https://www.virustotal.com/gui/ip-address/134.122.112.229/relations

along19.gaplando.ru
aloud20.ambarcumgi.ru
amber19.gaplando.ru
amber36.gaplando.ru
amber45.gaplando.ru
amber63.gaplando.ru
amber74.gaplando.ru
amber92.gaplando.ru
amber98.gaplando.ru
bicyclelist73.gaplando.ru
claims34.gaplando.ru
claims84.gaplando.ru
claims96.gaplando.ru
counsel41.gaplando.ru
counsel49.gaplando.ru
counsel55.gaplando.ru
counsel69.gaplando.ru
glittering24.ambarcumgi.ru
glittering28.ambarcumgi.ru
glorious17.ambarcumgi.ru
glorious49.ambarcumgi.ru
glorious92.ambarcumgi.ru
goat33.ambarcumgi.ru
goat49.ambarcumgi.ru
interference3.ambarcumgi.ru
interference45.ambarcumgi.ru
interference46.ambarcumgi.ru
interference70.ambarcumgi.ru
interference99.ambarcumgi.ru
neglect79.ambarcumgi.ru
same29.ambarcumgi.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.207.99/relations

92delayed.alceaso.ru
97delayed.alceaso.ru
delayed.alceaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.139/relations

geminiso.ru
despite71.aquariusso.ru
set71.geminiso.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.34/relations

type90.geminiso.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.20/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.196/relations

getobject27.geminiso.ru
getobject35.geminiso.ru
getobject63.geminiso.ru
getobject7.geminiso.ru
getobject71.geminiso.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.114/relations

14despite.aquariusso.ru

# Reference: https://www.virustotal.com/gui/ip-address/5.44.42.123/relations

21delicate.vatango.ru
55despite.aquariusso.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.137/relations

16despite.aquariusso.ru
among6.ananiyagi.ru
demolition33.namibbo.ru
destruction9.namibbo.ru
lover1.badrupi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.119/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.178/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.104/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.240/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.179/relations
# Reference: https://www.virustotal.com/gui/file/38e5d98975da2b94681e80a08b4d8629cb7c0d2a4ebb13858321d070ef57b1b8/detection
# Reference: https://www.virustotal.com/gui/file/235af72d8c357b8aed9e73ef6b21b03fc31dde52fdaa26a5b9a75863988c2499/detection

herculeso.ru
hordeumos.ru
vaporumbi.ru
100deposit.vaporumbi.ru
10decisive.alceaso.ru
47defect.vaporumbi.ru
48defect.vaporumbi.ru
50descend.vaporumbi.ru
56decoy.vaporumbi.ru
69defect.vaporumbi.ru
73defect.vaporumbi.ru
75descend.vaporumbi.ru
between68.zahidgo.ru
deletefile19.dzhafarho.ru
deletefile21.dzhafarho.ru
deletefile22.dzhafarho.ru
deletefile65.dzhafarho.ru
eval28.hordeumos.ru
expandenvironmentstrings22.hordeumos.ru
expandenvironmentstrings52.hordeumos.ru
fileexists14.arabianos.ru
visible83.herculeso.ru
write100.herculeso.ru
clamour.between68.zahidgo.ru

# Reference: https://twitter.com/Cyber0verload/status/1715828521245774008

acanthurpi.ru
aestivumos.ru
allohad.ru
andobex.ru
andromedas.ru
anguillapi.ru
asxcq.ru
aurigaso.ru
auxiliatos.ru
barakas.ru
batoh.ru
blakudon.ru
blakurin.ru
boborak.ru
bootesso.ru
bromusmos.ru
bugati.ru
buraman.ru
buratos.ru
caelestisto.ru
cathedrales.ru
columbaso.ru
consentesto.ru
corvusso.ru
danseet.ru
dedesir.ru
demrelho.ru
distichonmos.ru
dovletho.ru
echappes.ru
envoles.ru
evades.ru
evanescet.ru
faliv.ru
fatuamos.ru
faturan.ru
festucamos.ru
fitromad.ru
flamesov.ru
fortunatos.ru
fritopa.ru
furamun.ru
gilohar.ru
golit.ru
golohor.ru
govnoc.ru
graveofhope.ru
haltur.ru
hugardj.ru
ilssesont.ru
indigetesto.ru
inermisos.ru
invente.ru
invictusto.ru
isratan.ru
iuppitertos.ru
jelesai.ru
joofas.ru
kalaharibo.ru
kutoral.ru
labellen.ru
lamentum.ru
larumtos.ru
lasculpture.ru
lesartistes.ru
lesetoiles.ru
liberes.ru
libraso.ru
lopraqum.ru
malumvincens.ru
matrixod.ru
migolac.ru
novensilesto.ru
novichoc.ru
noxtoxic.ru
nuteas.ru
obiendis.ru
odayonso.ru
olduhik.ru
palartas.ru
pratensismos.ru
ptirjot.ru
quiapour.ru
rutrakodes.ru
sativamos.ru
secalemos.ru
seriolapi.ru
slamenet.ru
snapperpi.ru
soncorps.ru
tenterons.ru
triticumos.ru
turaman.ru
turonaf.ru
undarumbi.ru
unoiseau.ru
venomast.ru
venustos.ru
verdigo.ru
virgoso.ru
wastlano.ru
wefxzaq.ru
zerodems.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.116/relations

defy18.acanthurpi.ru
deletefile73.dzhafarho.ru
lucius25.lamentable.ru
prickly40.vloperang.ru
prickly69.vloperang.ru
prickly78.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/164.90.154.123/relations

13defy.antarcticos.ru
22deserves.antarcticos.ru
4deserves.antarcticos.ru
82defiance.barentsot.ru
asc11.indianos.ru
defy64.acanthurpi.ru
design.lasculpture.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.7.4/relations

46deserves.antarcticos.ru
74deserves.antarcticos.ru
defy13.acanthurpi.ru
defy70.acanthurpi.ru
deletefile34.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/174.138.35.5/relations

claimed46.osmanpo.ru
clap18.rustampo.ru
defy77.acanthurpi.ru
luxury83.erfanho.ru
stoop.luxury83.erfanho.ru

# Reference: https://www.virustotal.com/gui/domain/zerodems.ru/relations

createobject25.zerodems.ru
createobject98.zerodems.ru
fileexists31.zerodems.ru
if66.zerodems.ru
redim31.zerodems.ru
savetofile71.zerodems.ru
type23.zerodems.ru
while52.zerodems.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.58.112.174/relations

dalgakiranrussia.online
khersonambulance.online
ukrainefacility.store

# Reference: https://twitter.com/DmitriyMelikov/status/1719370795208593882
# Reference: https://www.virustotal.com/gui/file/207cc5969b7de393461ead79404ff541e75665d448e529ba0087127d40dfe066/detection

alloy57.firtoso.ru

# Reference: https://www.virustotal.com/gui/ip-address/138.68.22.93/relations

a.midiatr.ru
aaa.midiatr.ru
integral.telefar.ru
luxurious.kippuno.ru
principles.ikaraur.ru
defensive.delicious.coffiti.ru
intercourse58.luxurious.kippuno.ru
intercourse69.luxurious.kippuno.ru
intercourse8.luxurious.kippuno.ru
intercourse89.luxurious.kippuno.ru
needle81.principles.ikaraur.ru

# Reference: https://twitter.com/StopMalvertisin/status/1720754069567086732
# Reference: https://www.virustotal.com/gui/file/f02f88d748e39dfa692b811ab1c0f9179045170bc179bd46190d57885078a97c/detection

allen6.regulate.kippuno.ru

# Reference: https://www.virustotal.com/gui/domain/alceaso.ru/relations
# Reference: https://www.virustotal.com/gui/file/634c0b0c27a5ea21a135e7c4ee54d7076f0d55f5e1a19c6067c6647222a08fc6/detection

http://85.159.229.100
12deceive.alceaso.ru
22deceive.alceaso.ru
46deceive.alceaso.ru
49definition.alceaso.ru
51delayed.alceaso.ru
57descend.alceaso.ru
67deluge.alceaso.ru
70deceive.alceaso.ru
73deceive.alceaso.ru
deceive.alceaso.ru
/is70/interdependent.nes
/is71/interdependent.nes
/is72/interdependent.nes
/is73/interdependent.nes
/is74/interdependent.nes
/is75/interdependent.nes
/is76/interdependent.nes
/is77/interdependent.nes
/is78/interdependent.nes
/is79/interdependent.nes

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.200/relations

49definition.alceaso.ru
56delight.barentsot.ru
asc16.acaenaso.ru
asc88.acaenaso.ru
despise43.muazpo.ru
fileexists23.blakurin.ru
fileexists64.blakurin.ru
len19.dzhafarho.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.36/relations

49delayed.alceaso.ru

# Reference: https://twitter.com/Cyber0verload/status/1722647695167275389
# Reference: https://www.virustotal.com/gui/file/e62e287fd5172f42a651a685b29228cbb1cff310fafe3ee1ecbe667fbf83f09a/detection
# Reference: https://www.virustotal.com/gui/file/93065044d096d7846323637a2a323343eef250c5561de3a05272ae61c4ac7ba5/detection
# Reference: https://www.virustotal.com/gui/file/ddcbd24abbb04861eaabead946bc65862fbbe29b51323e37d57a64aa97d30e13/detection

ned84.detroito.ru
bidding.ned84.detroito.ru

# Reference: https://twitter.com/Cyber0verload/status/1722660991618502985
# Reference: https://www.virustotal.com/gui/ip-address/62.133.61.172/relations
# Reference: https://www.virustotal.com/gui/file/76eee4eb67cc1ecf8bb73959201d22a243e82f259eea0d736822327d95fed3d3/detection

stopper2.parsimonious.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.85/relations

25debts.antarcticos.ru
for32.acaenaso.ru
responsebody45.arabianos.ru

# Reference: https://twitter.com/Cyber0verload/status/1724418597206794294
# Reference: https://www.virustotal.com/gui/file/976c4fdf5120d4a6e6b5d1cd26d70244fb788ea1cb50031a129ea8da9509f86a/detection
# Reference: https://www.virustotal.com/gui/file/d8a012a24aa805042bc416d6d72694d6c3c0b726b571f5ef57ecab8690b87b99/detection

fallen.vadilops.ru
shoes.fallen.vadilops.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1727679021511479359
# Reference: https://www.virustotal.com/gui/file/b8c023010bbeb595ccf31e9d405e5fbd888d1649c2fa204adc9610b6b732d946/detection

naturalists73.skymagra.ru
necessarily.naturalists73.skymagra.ru

# Reference: https://www.virustotal.com/gui/ip-address/178.208.83.91/relations
# Reference: https://www.virustotal.com/gui/ip-address/178.208.83.92/detection
# Reference: https://app.validin.com/axon?find=77.83.246.146&type=ip

arcticos.ru
dzhafarho.ru
mamduhgo.ru
mx1.arcticos.ru
mx2.arcticos.ru
performed72.mamduhgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.248.8.154/relations

03.vilviton.ru
17.axehar.ru
17.vilviton.ru
aaronic.vilviton.ru
aarrgh.vilviton.ru
aau.vilviton.ru
allen2.buckso.ru
allen25.buckso.ru
allen74.buckso.ru
allocate100.buckso.ru
allocate33.buckso.ru
allocate66.buckso.ru
allocate81.buckso.ru
allocate82.buckso.ru
allocate84.buckso.ru
allocate96.buckso.ru
allows.intercourse75.buckso.ru
allows.intercourse84.buckso.ru
allows10.buckso.ru
allows14.buckso.ru
allows23.buckso.ru
allows25.buckso.ru
almost.performed59.buckso.ru
aloud.relax98.bilotora.ru
altered3.cavalierso.ru
altered95.cavalierso.ru
beyond.stooped41.dovletho.ru
clamour53.detroito.ru
clamp.going8.buckso.ru
countryside.glide12.drivento.ru
glide12.drivento.ru
goal18.loperto.ru
goat5.cavalierso.ru
going8.buckso.ru
intercourse75.buckso.ru
intercourse84.buckso.ru
lucky18.cavalierso.ru
lucky68.cavalierso.ru
navy.allows14.buckso.ru
navy.allows23.buckso.ru
navy.allows25.buckso.ru
need.goal18.loperto.ru
nenets.witchdors.ru
nondiscovery.axehar.ru
nonets.axehar.ru
paragoges.axehar.ru
people.altered3.cavalierso.ru
people.altered95.cavalierso.ru
pepper63.buckso.ru
per.shoot21.buckso.ru
per.shoot76.buckso.ru
performed59.buckso.ru
reins.allen74.buckso.ru
relax98.bilotora.ru
sam.goat5.cavalierso.ru
sam.lucky18.cavalierso.ru
sam.lucky68.cavalierso.ru
scooters.axehar.ru
scottify.axehar.ru
shoot21.buckso.ru
shoot76.buckso.ru
stoop.pepper63.buckso.ru
stooped41.dovletho.ru
timecard.axehar.ru
trampdom.arenosi.ru
trinket.arenosi.ru
trivet.axehar.ru
yale.witchdors.ru

# Reference: https://twitter.com/Cyber0verload/status/1729737489382862957
# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.119/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.128/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.52/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.57/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.65/relations
# Reference: https://www.virustotal.com/gui/ip-address/77.83.246.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.92/relations
# Reference: https://www.virustotal.com/gui/file/49d3c686ae86a04834d1e93dba8693119056a53d7ca742afb09a91232cb77c12/detection

eldjip.ru
logitrap.ru
monitral.ru
semikos.ru
21departed.eldjip.ru
71departed.eldjip.ru
90departed.eldjip.ru
93departed.eldjip.ru
close58.fortunatos.ru
getobject1.semikos.ru
getobject64.semikos.ru
getobject71.semikos.ru
len24.logitrap.ru
len28.logitrap.ru
len62.logitrap.ru
loop12.monitral.ru
loop50.monitral.ru
properties_54.logitrap.ru
properties_8.logitrap.ru
run18.logitrap.ru
until46.semikos.ru
until5.semikos.ru
until83.semikos.ru
while22.logitrap.ru
while25.logitrap.ru
xor39.semikos.ru
xor6.semikos.ru

# Reference: https://twitter.com/peterkruse/status/1729796919004676600
# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.156/relations

nandayo.ru
10despise.consentesto.ru
12despise.consentesto.ru
74despise.consentesto.ru
close61.nandayo.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.175/relations

2description.consentesto.ru
27description.consentesto.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.192/relations

29design.invictusto.ru
79deploy.consentesto.ru
setrequestheader7.iuppitertos.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.61.163/relations

41description.consentesto.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.152/relations

83despise.consentesto.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.50/relations

5deity.consentesto.ru
69deity.consentesto.ru
93deity.consentesto.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.9/relations

27deficiency.consentesto.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.171/relations

for86.ahmozpi.ru
getfile43.dakareypa.ru
getfile44.nahtizi.ru
getfile80.nahtizi.ru
read4.logitrap.ru
read82.logitrap.ru
while39.logitrap.ru
xor35.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.225/relations

wscript58.logitrap.ru
wscript61.logitrap.ru

# Reference: https://twitter.com/Cyber0verload/status/1736842543772369292
# Reference: https://twitter.com/Cyber0verload/status/1736844537908085232
# Reference: https://gist.github.com/kirk-sayre-work/1dd6e5b08cf168a9b5f9281ce5c37ebb
# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.130/relations
# Reference: https://www.virustotal.com/gui/file/3a67c6714b55a16848b77a5e2909704be04388d1c122f28b7b2041b56c0e8bbc/detection
# Reference: https://www.virustotal.com/gui/file/67e83344af4e3adaebbd81438b367175107e3985af48847ff49842d034bb439d/detection
# Reference: https://www.virustotal.com/gui/file/e06ab88a57c9fb5c32a12cdfcfc4945f00f4992cf715b1ef051835f39d1ff6d1/detection

http://46.29.235.130
100dependant.barentsot.ru
13departure.barentsot.ru
16defensive.barentsot.ru
17defeated.barentsot.ru
21deception.fatuamos.ru
24desired.barentsot.ru
30deception.fatuamos.ru
31delight.barentsot.ru
35define.barentsot.ru
37delight.barentsot.ru
49defensive.barentsot.ru
50delete.barentsot.ru
50desired.barentsot.ru
54deceive.barentsot.ru
59delight.barentsot.ru
71departure.barentsot.ru
89delight.barentsot.ru
92delete.barentsot.ru
95deception.fatuamos.ru
96desired.barentsot.ru
len49.fortunatos.ru
len58.fortunatos.ru
loop42.iuppitertos.ru
position79.indianos.ru
/inch24/incredible.fits
/inch50/incredible.fits
/inch96/incredible.fits
/innumerable21/infinite.pl1
/innumerable32/infinite.pl1
/innumerable32/infinite.pl14

# Reference: https://twitter.com/Cyber0verload/status/1739301811108860411

hermiona.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.60/relations

claimed100.osmanpo.ru
claimed21.osmanpo.ru
claimed23.osmanpo.ru
claimed26.osmanpo.ru
claimed29.osmanpo.ru
claimed34.osmanpo.ru
claimed36.osmanpo.ru
claimed38.osmanpo.ru
claimed39.osmanpo.ru
claimed44.osmanpo.ru
claimed45.osmanpo.ru
claimed46.osmanpo.ru
claimed50.osmanpo.ru
claimed56.osmanpo.ru
claimed57.osmanpo.ru
claimed60.osmanpo.ru
claimed61.osmanpo.ru
claimed62.osmanpo.ru
claimed63.osmanpo.ru
claimed66.osmanpo.ru
claimed67.osmanpo.ru
claimed69.osmanpo.ru
claimed7.osmanpo.ru
claimed70.osmanpo.ru
claimed71.osmanpo.ru
claimed73.osmanpo.ru
claimed76.osmanpo.ru
claimed83.osmanpo.ru
claimed94.osmanpo.ru
claimed96.osmanpo.ru
claimed98.osmanpo.ru
gloomily51.osmanpo.ru
while98.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.235/relations

allied86.vloperang.ru
am30.danizho.ru
claimed2.danizho.ru
claimed69.osmanpo.ru
counsel14.danizho.ru
gloomy.salt100.gadzhido.ru
salt100.gadzhido.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.146/relations

71depths.highfalutin.ru
asc46.vidadigo.ru
asc65.vidadigo.ru
chr11.vidadigo.ru
chr17.vidadigo.ru
chr2.vidadigo.ru
chr20.vidadigo.ru
chr27.vidadigo.ru
chr3.vidadigo.ru
chr42.vidadigo.ru
chr74.vidadigo.ru
chr78.vidadigo.ru
chr80.vidadigo.ru
chr83.vidadigo.ru
chr99.vidadigo.ru
claimed15.osmanpo.ru
claimed16.osmanpo.ru
claimed19.osmanpo.ru
claimed2.osmanpo.ru
claimed20.osmanpo.ru
close1.vidadigo.ru
close18.vidadigo.ru
close39.vidadigo.ru
close75.vidadigo.ru
close8.vidadigo.ru
close96.vidadigo.ru
createobject1.vidadigo.ru
createobject100.vidadigo.ru
createobject18.vidadigo.ru
createobject31.vidadigo.ru
createobject50.vidadigo.ru
createobject66.vidadigo.ru
glory.prevail38.neonosni.ru
glove17.neonosni.ru
glove28.neonosni.ru
glove32.neonosni.ru
glove71.neonosni.ru
glove73.neonosni.ru
glove89.neonosni.ru
percent.glove17.neonosni.ru
percent.glove28.neonosni.ru
percent.glove32.neonosni.ru
percent.glove71.neonosni.ru
percent.glove73.neonosni.ru
percent.glove89.neonosni.ru
prevail38.neonosni.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.196/relations
# Reference: https://www.virustotal.com/gui/file/8eeea77585849de67402bbaffc5f7a66f9e027c700ec7d258d1cfbff5d7a2a1a/detection

17defence.savalanpo.ru
3definition.aytashpo.ru
globe84.royalpo.ru
xor88.ramizla.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.88/relations

counsel28.danizho.ru
relationship20.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.5/relations

claimed2.badrupi.ru
counsel28.danizho.ru
for89.ahmozpi.ru
ned33.saadipo.ru
relationship20.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.85/relations

amazement3.barakapi.ru
deserve38.secretah.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.228/relations

getobject4.logitrap.ru
write1.ozaharso.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.202/relations

glitter99.zyakigo.ru
hld.muhtargo.ru
luxurious45.karimbi.ru
nearly.reins74.karimbi.ru
nearly18.danizho.ru
pressure65.barakapi.ru
reins74.karimbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.103.206/relations

getfile70.dakareypa.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.26/relations

bible7.gachagdo.ru
engage67.brudimar.ru
eval26.squeamish.ru
eval37.atonpi.ru
eval65.atonpi.ru
eval67.squeamish.ru
eval68.atonpi.ru
eval94.atonpi.ru
for25.ahmozpi.ru
for50.ahmozpi.ru
getfile36.nahtizi.ru
gloomy25.brudimar.ru
gnaw6.absorbeni.ru
luck66.fushiguro.ru
naturally.bible7.gachagdo.ru
read36.acaenaso.ru
read59.acaenaso.ru
redim23.acaenaso.ru
salt34.gadzhido.ru
send45.dumerilipi.ru
send81.dumerilipi.ru
visible66.nebtoizi.ru
visible74.nebtoizi.ru
write30.ozaharso.ru
write32.ozaharso.ru
write33.ozaharso.ru
write43.ozaharso.ru
xor2.ramizla.ru
xor23.saturnec.ru
xor27.saturnec.ru
xor28.acaenaso.ru
xor49.ramizla.ru
xor57.ramizla.ru
xor88.acaenaso.ru
xor9.saturnec.ru
xor92.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.23/relations

faithful90.absorbeni.ru
gloomy.salt34.gadzhido.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.115/relations

claimed77.osmanpo.ru
degrade.highfalutin.ru
energy30.gochagdo.ru
engage75.brudimar.ru
goats61.maksuddo.ru
reject44.samiseto.ru
rejoined17.zahidgo.ru
relationship28.ayzakpo.ru
relationship78.ayzakpo.ru
soul45.boskatrem.ru
ammonia.rejoined17.zahidgo.ru
print.energy30.gochagdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.117/relations

claimed54.osmanpo.ru
perfect82.ilkinbi.ru
position94.nubiumbi.ru
naturally.perfect82.ilkinbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.215/relations

loyal36.ilkinbi.ru
loving.loyal36.ilkinbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.228/relations

clamp.shone88.zakirgo.ru
clasped65.dzheyhunho.ru
go10.danizho.ru
go77.danizho.ru
interbase.luxurious45.karimbi.ru
lover80.zahidgo.ru
lover91.zahidgo.ru
loving.loyal30.ilkinbi.ru
loving.loyal40.ilkinbi.ru
loyal30.ilkinbi.ru
loyal40.ilkinbi.ru
prevent.lover80.zahidgo.ru
prevent.lover91.zahidgo.ru
regular.clasped65.dzheyhunho.ru
released21.danizho.ru
shone88.zakirgo.ru
sour41.danizho.ru

# Reference: https://twitter.com/lightC07379408/status/1742720855355036013
# Reference: https://twitter.com/DmitriyMelikov/status/1742855526864564426
# Reference: https://www.virustotal.com/gui/file/55ec220d943c45834506bc4d78bfebdf880fc55c986ae247991e8e593fc2f08c/detection
# Reference: https://www.virustotal.com/gui/file/6fe0976107b1ab603194ccc9e373e6a1ff9b2830d8dfabd02d398a4f9a7a2ee1/detection

alphabet76.koroglugo.shop

# Reference: https://www.virustotal.com/gui/ip-address/104.248.204.242/relations

artavazd.xyz
100decidedly.artavazd.xyz
100depended.artavazd.xyz
10decidedly.artavazd.xyz
10demonstration.artavazd.xyz
12degrade.artavazd.xyz
12deity.artavazd.xyz
12descendant.artavazd.xyz
13decay.artavazd.xyz
14deity.artavazd.xyz
14delay.artavazd.xyz
16deity.kyamalgo.shop
17defeated.kyamalgo.shop
19decipher.kyamalgo.shop
19defeated.kyamalgo.shop
20decipher.kyamalgo.shop
20decrease.kyamalgo.shop
25defend.kyamalgo.shop
26deity.kyamalgo.shop
2decipher.kyamalgo.shop
alphabet96.koroglugo.shop
ample.glow23.masudgo.shop
deletefile12.kirmango.shop
deletefile17.kirmango.shop
deletefile80.kirmango.shop
dim8.kirmango.shop
eval63.kirmango.shop
getobject61.kirmango.shop
glow23.masudgo.shop
mid16.kirmango.shop
pressure9.mehmango.shop
prickly88.koroglugo.shop
principal.pressure9.mehmango.shop
redim20.kirmango.shop
run71.autometrics.pro
sample.glow23.masudgo.shop

# Reference: https://www.virustotal.com/gui/ip-address/194.67.71.94/relations

interbase29.koroglugo.shop

# Reference: https://www.virustotal.com/gui/ip-address/194.67.71.140/relations

lumber71.koroglugo.shop
mta-sts.koroglugo.shop
prick47.koroglugo.shop

# Reference: https://twitter.com/souiten/status/1743200919645458676
# Reference: https://www.virustotal.com/gui/file/f98378693c86be4888f68b688c9733596a01dc55dc9f8600b4bb8d29f2477fd6/detection
# Reference: https://www.virustotal.com/gui/file/e872ec40a4c2ca42b1330b6b6332ac44705ec697432c901aa39e93edb7765531/detection
# Reference: https://www.virustotal.com/gui/file/9aaa8c778af26767dd8b2f1134a119c3e9c9d27c4385810c238d350190c7e401/detection
# Reference: https://www.virustotal.com/gui/file/4150896afc0a5d16b056f07c93e4112946ac381bbd0b4c54a4b4fff6bd14331c/detection

clfeed.online
/keyfileupdate/rst32.jpg

# Reference: https://twitter.com/Cyber0verload/status/1749926827831804140
# Reference: https://www.virustotal.com/gui/file/9c6a6d73ea89f2891cf33fe47cdef721e9688c8154f967dad741794be085e48b/detection

neat1.detroito.ru
county.neat1.detroito.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.225.21.131/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.108/relations

turac.ru
5676575.turac.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.5/relations

apop.aytashpo.ru
gloomily100.decorous.ru
glowing41.lamentable.ru
lover31.aychobanpo.ru
stopper20.absorbeni.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.186/relations
# Reference: https://www.virustotal.com/gui/file/cfc9a87a4a171b5b169198e8a5132e3231712304147f27f17f61a69fa36e5323/detection

http://85.159.228.186
16dentist.savalanpo.ru
19definitely.savalanpo.ru
22descended.savalanpo.ru
24delayed.aytashpo.ru
29declared.savalanpo.ru
2defy.aytashpo.ru
35descended.savalanpo.ru
40defence.savalanpo.ru
42defect.savalanpo.ru
50defence.savalanpo.ru
50dentist.savalanpo.ru
52defective.aytashpo.ru
56deny.savalanpo.ru
60destroyer.aytashpo.ru
61dentist.savalanpo.ru
71departments.aytashpo.ru
73description.savalanpo.ru
77designed.savalanpo.ru
78defect.savalanpo.ru
79dense.savalanpo.ru
81dentist.savalanpo.ru
83delve.aytashpo.ru
91dentist.savalanpo.ru
97dependant.savalanpo.ru
ahhahahahhadodot.alceaso.ru
ajsj8dj3b373igb.absorbeni.ru
ajsj8dj3b373igb.aethionemaso.ru
ajsj8dj3b373igb.agonepi.ru
ajsj8dj3b373igb.anumbo.ru
ajsj8dj3b373igb.arabianos.ru
ajsj8dj3b373igb.ayrympo.ru
ajsj8dj3b373igb.badrupi.ru
ajsj8dj3b373igb.barakapi.ru
ajsj8dj3b373igb.barentsot.ru
ajsj8dj3b373igb.blootundicht.ru
ajsj8dj3b373igb.brudimar.ru
ajsj8dj3b373igb.crisiumbi.ru
ajsj8dj3b373igb.decorous.ru
ajsj8dj3b373igb.disagreeable.ru
ajsj8dj3b373igb.dzhabaripa.ru
ajsj8dj3b373igb.dzhibeydpa.ru
ajsj8dj3b373igb.fortunyzo.ru
ajsj8dj3b373igb.gayado.ru
ajsj8dj3b373igb.heartbreaking.ru
ajsj8dj3b373igb.humorumbi.ru
ajsj8dj3b373igb.lamentable.ru
ajsj8dj3b373igb.mudadazi.ru
ajsj8dj3b373igb.muhtargo.ru
ajsj8dj3b373igb.namibbo.ru
ajsj8dj3b373igb.nebibizi.ru
ajsj8dj3b373igb.nebtoizi.ru
ajsj8dj3b373igb.neferzi.ru
ajsj8dj3b373igb.osmanpo.ru
ajsj8dj3b373igb.ragibpo.ru
ajsj8dj3b373igb.raidla.ru
ajsj8dj3b373igb.ramalla.ru
ajsj8dj3b373igb.rashidiso.ru
ajsj8dj3b373igb.royalpo.ru
ajsj8dj3b373igb.rustampo.ru
ajsj8dj3b373igb.superficial.ru
ajsj8dj3b373igb.takyygi.ru
ajsj8dj3b373igb.undesirable.ru
ajsj8dj3b373igb.vasifgo.ru
ajsj8dj3b373igb.xopekar.ru
ajsj8dj3b373igb.zahidgo.ru
chr73.lachindo.ru
claimed11.osmanpo.ru
desire95.disagreeable.ru
dodot.alceaso.ru
dodot.arabianos.ru
dodot.remmaoso.ru
getobject34.lachindo.ru
globe14.royalpo.ru
/google19/defeat.3gpp2

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.111/relations

deeper100.disagreeable.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.117/relations

100december.intigambi.ru
100decent.alceaso.ru
100decisive.alceaso.ru
100declared.alceaso.ru
100decline.alceaso.ru
100decline.intigambi.ru
100decoy.alceaso.ru
100deeper.intigambi.ru
100deeply.alceaso.ru
100default.alceaso.ru
100defense.alceaso.ru
100defensive.alceaso.ru
100defined.intigambi.ru
100definition.alceaso.ru
100degrade.intigambi.ru
100degree.intigambi.ru
100deity.intigambi.ru
100deliberately.alceaso.ru
100delicate.intigambi.ru
100delight.alceaso.ru
100delighted.intigambi.ru
100delirium.alceaso.ru
100delivery.intigambi.ru
100delve.alceaso.ru
100demanded.intigambi.ru
100den.alceaso.ru
100departed.alceaso.ru
100depend.alceaso.ru
100deployment.intigambi.ru
100depression.intigambi.ru
100depth.intigambi.ru
100derived.alceaso.ru
100descend.alceaso.ru
100desert.intigambi.ru
100deserved.alceaso.ru
100designs.alceaso.ru
100destination.intigambi.ru
100destruction.intigambi.ru
100detach.intigambi.ru
10deceive.intigambi.ru
10decency.alceaso.ru
10decided.intigambi.ru
10declared.alceaso.ru
10decline.alceaso.ru
10deep.alceaso.ru
10deeply.alceaso.ru
10default.alceaso.ru
10defend.intigambi.ru
10defense.alceaso.ru
10defined.intigambi.ru
10definite.intigambi.ru
10delivery.intigambi.ru
10demolition.intigambi.ru
115.omranpo.ru
60definition.alceaso.ru
81deception.fatuamos.ru
acid.omranpo.ru
acuriousidea.omranpo.ru
aegis.omranpo.ru
alertmanager-plateng-prod.omranpo.ru
anagate.omranpo.ru
anatomy.omranpo.ru
animepl.omranpo.ru
asc1.procellarumbi.ru
asc10.procellarumbi.ru
asc12.procellarumbi.ru
asc26.procellarumbi.ru
asc35.procellarumbi.ru
asc71.procellarumbi.ru
asc91.procellarumbi.ru
asc92.procellarumbi.ru
chr47.procellarumbi.ru
claimed55.osmanpo.ru
close80.perccottuspi.ru
deletefile39.kontarso.ru
for19.ahmozpi.ru
lucius7.lamentable.ru
redim29.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.113/relations

12decimal.aytashpo.ru
12declared.aytashpo.ru
12definition.aytashpo.ru
14decency.aytashpo.ru
53desire.aytashpo.ru
allen.stooped99.gahramando.ru
beware25.gahramando.ru
beware73.gahramando.ru
beware95.gahramando.ru
detached30.agonepi.ru
fallen.gloomy76.erfanho.ru
fallen.gloomy85.erfanho.ru
gloomy76.erfanho.ru
gloomy85.erfanho.ru
stooped99.gahramando.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.246/relations

0-tlcovid19-private.veligo.ru
0031-sysfs.aytashpo.ru
0069-bluetooth-fallback-to-sco-on-error-code-0x10-connect.aytashpo.ru
21779.veligo.ru
245.veligo.ru
2okhi.veligo.ru
365comicsxyear.veligo.ru
6ways.veligo.ru
9700548501.veligo.ru
a2c-net234.veligo.ru
aashuzone.veligo.ru
abouteducation2u.veligo.ru
academics.veligo.ru
accountarena.veligo.ru
acoffeestorytotell.veligo.ru
activitypit.veligo.ru
addiction.veligo.ru
adea.veligo.ru
adelaide.veligo.ru
adele.veligo.ru
adj.veligo.ru
adksfhasldhf.veligo.ru
ae-0-8.veligo.ru
aerostar.veligo.ru
afpan.veligo.ru
afsbeurope.veligo.ru
agenziablackwhite.veligo.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.118/relations

0-index.aytashpo.ru
getfile52.dakareypa.ru
while29.monitral.ru

# Reference: https://www.virustotal.com/gui/file/7b500e029097cc73b588950a39e79dda505b9bc26fcf1aeb2b983cc7555d7963/detection

17desire.aytashpo.ru
23desire.aytashpo.ru
33desire.aytashpo.ru
73desire.aytashpo.ru
79desire.aytashpo.ru
94desire.aytashpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/199.247.24.239/relations

100desire.aytashpo.ru
40desire.aytashpo.ru
48desire.aytashpo.ru
7defeat.aytashpo.ru
defeat.aytashpo.ru
defensive.aytashpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.38/relations

0.bayramgo.ru
1.bayramgo.ru
10.bayramgo.ru
19deliver.ramalla.ru
27dentist.mardango.ru
34definite.aydinpo.ru
43dependent.mardango.ru
43descent.mansurdo.ru
59desire.aytashpo.ru
74delicious.talgatgi.ru
8delusion.ihtiyarbi.ru
a.kiaolian.ru
aa.kiaolian.ru
aaa.kiaolian.ru
aaa.zardushtgo.ru
aaas.kiaolian.ru
aah.kiaolian.ru
aahed.kiaolian.ru
aahing.kiaolian.ru
aahing.zardushtgo.ru
aahs.kiaolian.ru
aal.kiaolian.ru
aal.zardushtgo.ru
aalii.kiaolian.ru
aalii.zardushtgo.ru
aaliis.kiaolian.ru
aaliis.zardushtgo.ru
aals.kiaolian.ru
aals.zardushtgo.ru
aam.kiaolian.ru
aardvark.kiaolian.ru
aardvarks.kiaolian.ru
aardwolf.kiaolian.ru
aardwolves.kiaolian.ru
aargh.kiaolian.ru
aarhus.kiaolian.ru
aaron.kiaolian.ru
aaronic.kiaolian.ru
abalienate.bayramgo.ru
abbassi.zardushtgo.ru
abbasside.zardushtgo.ru
abbatial.zardushtgo.ru
abbatical.zardushtgo.ru
abbess.zardushtgo.ru
abbesses.zardushtgo.ru
abderian.zardushtgo.ru
abderite.zardushtgo.ru
abdest.zardushtgo.ru
abdicant.zardushtgo.ru
abdications.zardushtgo.ru
abdicative.zardushtgo.ru
abdicator.zardushtgo.ru
abecedarium.kiaolian.ru
abecedary.kiaolian.ru
abed.kiaolian.ru
abegging.kiaolian.ru
aberuncator.bayramgo.ru
abetment.bayramgo.ru
abettal.zardushtgo.ru
abettals.zardushtgo.ru
asc100.bayramgo.ru
asc13.bayramgo.ru
asc18.bayramgo.ru
asc2.bayramgo.ru
asc21.bayramgo.ru
asc23.bayramgo.ru
asc24.bayramgo.ru
asc25.bayramgo.ru
asc29.bayramgo.ru
asc31.bayramgo.ru
asc33.bayramgo.ru
asc37.bayramgo.ru
decorate74.malived.ru
decree55.dashgynrho.ru
deficiency23.ragibpo.ru
dentist31.vagifgo.ru
deprive73.ragibpo.ru
deprive90.ragibpo.ru
emv1.aydinpo.ru
getfile8.dakareypa.ru
service.aydinpo.ru
service.kiaolian.ru
then53.suizibel.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.59/relations

0.agasibi.ru
11.agasibi.ru
12.agasibi.ru
14.agasibi.ru
16.agasibi.ru
17.agasibi.ru
19.agasibi.ru
5.agasibi.ru
5c5b2b8f-8a2d-4570-9240-f11550122d36.aytashpo.ru
7.agasibi.ru
9.agasibi.ru
a2.agasibi.ru
analysemotionformatthew.aytashpo.ru
atreides.aytashpo.ru
baijialeduchangshipin.aytashpo.ru
baijialezuigaotouzhufa.aytashpo.ru
beta-the.aytashpo.ru
bitcoin2graphdb.aytashpo.ru
chenzhounalikeyiwanbaijiale.aytashpo.ru
cityonbuzz.aytashpo.ru
dreamnet.aytashpo.ru
elhijodelabohemia.aytashpo.ru
fasta2cgic.aytashpo.ru
feicaiguojiguanfangbaijiale.aytashpo.ru
first-component.aytashpo.ru
gesidalijiazuqiutouzhuwang.aytashpo.ru
getrigidtransformation.aytashpo.ru
haoboyulechengguanwang.aytashpo.ru
infohack.aytashpo.ru
monitask.aytashpo.ru
perlmodules.aytashpo.ru
rack-robustness.aytashpo.ru
s02-names-vars.aytashpo.ru
send71.dumerilipi.ru
shippingmadness.aytashpo.ru
textinputlayoutsample.aytashpo.ru
toomanyitemsexception.aytashpo.ru

# Reference: https://twitter.com/G60930953/status/1751483351330894304
# Reference: https://twitter.com/G60930953/status/1751483847445811439
# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.120/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.122/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.144/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.58/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.127/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.224/relations
# Refernce: https://www.virustotal.com/gui/ip-address/81.19.140.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.232/relations
# Reference: https://www.virustotal.com/gui/file/038fa00486ebe8a4f22f167fd664acc41d59334489a920f7f24cad2910cf3417/detection
# Reference: https://www.virustotal.com/gui/file/d222977ab20317647595c9de7413bd17a8074006007150102aa2b569fc2ccbf1/detection

barap.ru
bibitron.ru
bitorgas.ru
dfgqdsd.ru
ertiway.ru
guvalas.ru
humahu.ru
hupol.ru
loturam.ru
muctafa.ru
paranul.ru
polutar.ru
tiporig.ru
vifpor.ru
vukongos.ru
100064636.polutar.ru
100103493.makasd.ru
1001241254.humahu.ru
100131717.dfgqdsd.ru
1001774425.makasd.ru
1002427615.patrios.ru
1002763297.patrios.ru
1002928871.makasd.ru
1003878491.faturan.ru
1004070485.humahu.ru
1005607677.gokols.ru
1006523449.makasd.ru
1007676970.baruta.ru
1007917588.patrios.ru
1008281127.makasd.ru
1009104060axw.havxcq.ru
1009207443.makasd.ru
100defend.vifpor.ru
100define.vifpor.ru
1010084068.patrios.ru
1011258617.makasd.ru
1011329541.humahu.ru
101291466.dfgqdsd.ru
1014963176.barap.ru
1015589518.makasd.ru
1015725663.hupol.ru
1016088993.dfgqdsd.ru
1016529518.hupol.ru
1016899754.dfgqdsd.ru
1018026648.makasd.ru
1019111400.barap.ru
102021302.makasd.ru
102022728.makasd.ru
1020725794.hupol.ru
1021521633.makasd.ru
102161504.humahu.ru
102395358.polutar.ru
1026186158.dfgqdsd.ru
1027548138.dfgqdsd.ru
1030909000.hupol.ru
103293152.baruta.ru
1033097763.dfgqdsd.ru
1034261059.humahu.ru
1036799133.barap.ru
1037810975.kutoral.ru
103820959.dfgqdsd.ru
1038243906.bulot.ru
1038983827.paranul.ru
1041419060.tispai.ru
1043090872.hupol.ru
1044776288.barap.ru
1044875193.baruta.ru
1045322251.kutoral.ru
1045705197.baruta.ru
1046674563.dfgqdsd.ru
1049775396.humahu.ru
1050125937.baruta.ru
1051355485.hupol.ru
1052840196.baruta.ru
1053863802.hupol.ru
1054967953.hupol.ru
1055075074.tispai.ru
1058548778.hupol.ru
1059757515.humahu.ru
1060084277.baruta.ru
1060105633.hupol.ru
1061079228.hupol.ru
1062671707.dfgqdsd.ru
1063148647.bulot.ru
1064093524.humahu.ru
1064536552.bulot.ru
106556500.hupol.ru
1066460659.dfgqdsd.ru
1066501094.hupol.ru
106679341.tispai.ru
1070666451.tispai.ru
1071592862.dfgqdsd.ru
1074372214.humahu.ru
1075408738.dfgqdsd.ru
1076381899.dfgqdsd.ru
107757445.dfgqdsd.ru
1078176021.hupol.ru
1078770720.hupol.ru
1079104072.hupol.ru
107919073.faturan.ru
1079388678.dfgqdsd.ru
1081161491.tispai.ru
108324956.dfgqdsd.ru
1083689510.dfgqdsd.ru
108388329.hupol.ru
1086705996.dfgqdsd.ru
1088755657.hupol.ru
1088812308.kutoral.ru
1088890181.paranul.ru
1089038230.kutoral.ru
1089763530.hupol.ru
1094159061.polutar.ru
109634541.tispai.ru
1097345502.paranul.ru
1097888616.paranul.ru
1097888795.bulot.ru
10987099.dfgqdsd.ru
10dedicate.vifpor.ru
10desired.vifpor.ru
1100470562.dfgqdsd.ru
1101354247.dfgqdsd.ru
1103998590.dfgqdsd.ru
1104939842.guvalas.ru
1108885639.tispai.ru
1108888418.tispai.ru
1109757959.muctafa.ru
1114078715.dfgqdsd.ru
1114629334.tispai.ru
1117606201.dfgqdsd.ru
1120156686.dfgqdsd.ru
1121248689.paranul.ru
1123352463.dfgqdsd.ru
1124229277.hupol.ru
1124362326.ertiway.ru
1125771228.tispai.ru
1126265261.dfgqdsd.ru
1133301586.dfgqdsd.ru
1133499924.dfgqdsd.ru
1134709354.barap.ru
1136088435.humahu.ru
1136199368.dfgqdsd.ru
1138489635.bulot.ru
1143497389.barap.ru
114362776.dfgqdsd.ru
1146855733.humahu.ru
1147275914.humahu.ru
1148624189.humahu.ru
1150571420.dfgqdsd.ru
115179294.humahu.ru
1153653649.dfgqdsd.ru
1154407361.humahu.ru
1157587716.dfgqdsd.ru
1160364071.dfgqdsd.ru
1162594307.dfgqdsd.ru
1164289857.dfgqdsd.ru
1165720284.paranul.ru
1165846558.paranul.ru
1167715939.bulot.ru
116935927.barap.ru
1171644792.barap.ru
1174557593.dfgqdsd.ru
1179219427.bulot.ru
1183918325.paranul.ru
1184808185.barap.ru
1188326602.guvalas.ru
1192565835.dfgqdsd.ru
1192643343.barap.ru
1194497071.dfgqdsd.ru
1196430431.barap.ru
11dedicate.vifpor.ru
11delicious.vifpor.ru
11depend.vifpor.ru
1204456177.patrios.ru
1206048889.dfgqdsd.ru
1206059196.bulot.ru
1207157526.bulot.ru
1210027564.hupol.ru
1211442870.dfgqdsd.ru
1217315528.bulot.ru
1221874535.dfgqdsd.ru
1223577234.faturan.ru
122393931.dfgqdsd.ru
1224260771.dfgqdsd.ru
1228356285.dfgqdsd.ru
1230533041.humahu.ru
1231731283.dfgqdsd.ru
1239802572.bulot.ru
1241308272.paranul.ru
1241663148.paranul.ru
1241675223.dfgqdsd.ru
1242304789.dfgqdsd.ru
1246315167.humahu.ru
12476814.govnoc.ru
12476814.loturam.ru
1247795717.dfgqdsd.ru
1248491215.barap.ru
1248508300.ertiway.ru
1250710330.humahu.ru
1257626770.bulot.ru
1259038819.dfgqdsd.ru
1260161243.dfgqdsd.ru
1264156250.bulot.ru
1265195489.dfgqdsd.ru
1268253168.havxcq.ru
1269695210.dfgqdsd.ru
1292979199.bulot.ru
1295393947.ertiway.ru
1297608182.paranul.ru
1299566665.turonaf.ru
1299969456.dfgqdsd.ru
12definition.vifpor.ru
12desired.vifpor.ru
1305199169.dfgqdsd.ru
1305475960.dfgqdsd.ru
1306330636.dfgqdsd.ru
1310916942.dfgqdsd.ru
1316630652.dfgqdsd.ru
1317395680.dfgqdsd.ru
1318194254.bulot.ru
1318827201.hupol.ru
1325666003.dfgqdsd.ru
1336076963.humahu.ru
13378926.dfgqdsd.ru
1341254206.dfgqdsd.ru
1343833401.dfgqdsd.ru
1347975038.dfgqdsd.ru
1351767919.dfgqdsd.ru
1356929915.dfgqdsd.ru
1357563606.dfgqdsd.ru
1360618965.dfgqdsd.ru
136482088.dfgqdsd.ru
1365940572.dfgqdsd.ru
1367156631.dfgqdsd.ru
1369484027.dfgqdsd.ru
1369957162.humahu.ru
1382154605.dfgqdsd.ru
1384862582.dfgqdsd.ru
1387911630.dfgqdsd.ru
1392762498.dfgqdsd.ru
1396953057.dfgqdsd.ru
1397948161.dfgqdsd.ru
13define.vifpor.ru
13depend.vifpor.ru
1404119091.dfgqdsd.ru
140582249.humahu.ru
1408312749.dfgqdsd.ru
1412023226.dfgqdsd.ru
1412579441.dfgqdsd.ru
1412657186.hupol.ru
1414743445.dfgqdsd.ru
1415771835.humahu.ru
1422469953.dfgqdsd.ru
142954143.dfgqdsd.ru
1429701788.dfgqdsd.ru
1429818594.humahu.ru
1433016941.turonaf.ru
143541264.humahu.ru
1439872153.dfgqdsd.ru
1442850561.dfgqdsd.ru
1444622297.dfgqdsd.ru
1445045758.dfgqdsd.ru
1448169733.humahu.ru
1448714554.dfgqdsd.ru
1450808150.humahu.ru
1450957231.dfgqdsd.ru
1453767836.dfgqdsd.ru
1455009792.dfgqdsd.ru
1455883958.humahu.ru
14595481.dfgqdsd.ru
1460869120.dfgqdsd.ru
1461892897.dfgqdsd.ru
1468432600.hupol.ru
1476987237.hupol.ru
1485140474.dfgqdsd.ru
1486232120.dfgqdsd.ru
1487496970.humahu.ru
1490880880.guvalas.ru
1497560395.dfgqdsd.ru
14deeper.vifpor.ru
14definition.vifpor.ru
1501835294.dfgqdsd.ru
1504467440.hupol.ru
1511901402.dfgqdsd.ru
1514487403.hupol.ru
1522084476.dfgqdsd.ru
1523451475.dfgqdsd.ru
1529363048.dfgqdsd.ru
1530990436.dfgqdsd.ru
1533034169.dfgqdsd.ru
1535920400.dfgqdsd.ru
1539365968.humahu.ru
1545048375.guvalas.ru
1547757041.dfgqdsd.ru
1554227955.patrios.ru
1560470020.dfgqdsd.ru
156572713.dfgqdsd.ru
1566334641.paranul.ru
1571658294.dfgqdsd.ru
1572097171.humahu.ru
1581450838.dfgqdsd.ru
1582073298.dfgqdsd.ru
1583871882.dfgqdsd.ru
1586957786.faturan.ru
1596945948.dfgqdsd.ru
1598533413.dfgqdsd.ru
15dedicate.vifpor.ru
15delivered.vifpor.ru
160421064.dfgqdsd.ru
1609751640.hupol.ru
1615471724.dfgqdsd.ru
1621379794.dfgqdsd.ru
1623407617.dfgqdsd.ru
1624678440.dfgqdsd.ru
1626930344.dfgqdsd.ru
1635981389.barap.ru
1637666528.dfgqdsd.ru
1641177891.dfgqdsd.ru
1643378717.hupol.ru
1647448571.humahu.ru
1649103557.dfgqdsd.ru
1650203189.dfgqdsd.ru
1651662553.durakam.ru
165516255.dfgqdsd.ru
1655264834.humahu.ru
1663394395.paranul.ru
1671969206.dfgqdsd.ru
1672434737.dfgqdsd.ru
1676973399.dfgqdsd.ru
1679904784.paranul.ru
1687628586.humahu.ru
1688512463.hupol.ru
1689448286.humahu.ru
1690224637.dfgqdsd.ru
1694341701.dfgqdsd.ru
1696056075.humahu.ru
16declared.vifpor.ru
16dedicate.vifpor.ru
16defence.vifpor.ru
16dessert.vifpor.ru
170353144.hupol.ru
170958719.humahu.ru
1712977155.hupol.ru
1713055933.dfgqdsd.ru
1713859892.dfgqdsd.ru
1714211913.humahu.ru
171764263.dfgqdsd.ru
1732058088.barap.ru
1737861873.dfgqdsd.ru
1738841885.dfgqdsd.ru
1740550395.dfgqdsd.ru
1746424577.dfgqdsd.ru
1746700465.dfgqdsd.ru
1748204184.dfgqdsd.ru
1751388960.dfgqdsd.ru
175208699.dfgqdsd.ru
1752439041.hupol.ru
1755125449.dfgqdsd.ru
1757828226.dfgqdsd.ru
1759133846.paranul.ru
1760840112.humahu.ru
1762952932.hupol.ru
1763938181.patrios.ru
1769391767.dfgqdsd.ru
1774261164.humahu.ru
1774807273.dfgqdsd.ru
1775860785.dfgqdsd.ru
1776783923.faturan.ru
1776802181.hupol.ru
1777141944.dfgqdsd.ru
1777877498.dfgqdsd.ru
178067671.turonaf.ru
1781386558.dfgqdsd.ru
1783729808.guvalas.ru
1783804155.dfgqdsd.ru
1785712919.humahu.ru
1791713591.dfgqdsd.ru
1791955184.ertiway.ru
1792129057.dfgqdsd.ru
1792841612.dfgqdsd.ru
1793766807.humahu.ru
1797092645.dfgqdsd.ru
17declared.vifpor.ru
17defence.vifpor.ru
180829546.dfgqdsd.ru
1817794195.dfgqdsd.ru
1820684055.dfgqdsd.ru
182357887.dfgqdsd.ru
1826945489.dfgqdsd.ru
1827491137.hupol.ru
1829139087.dfgqdsd.ru
1831749273.hupol.ru
1836292507.dfgqdsd.ru
1840263661.hupol.ru
1841594477.dfgqdsd.ru
1842444285.dfgqdsd.ru
1843813978.dfgqdsd.ru
1846177665.humahu.ru
1846981826.dfgqdsd.ru
184741798.dfgqdsd.ru
1851483834.dfgqdsd.ru
1853818821.dfgqdsd.ru
1854162812.humahu.ru
186002798.dfgqdsd.ru
186560130.polutar.ru
186561449.dfgqdsd.ru
1870022550.dfgqdsd.ru
1872237405.dfgqdsd.ru
1873150608.dfgqdsd.ru
1878723322.paranul.ru
187889552.ertiway.ru
1878967774.patrios.ru
1879582817.faturan.ru
1884275392.dfgqdsd.ru
1887246485.dfgqdsd.ru
1896677597.dfgqdsd.ru
1896969418.dfgqdsd.ru
1898309358.patrios.ru
1899194723.dfgqdsd.ru
18decisive.vifpor.ru
18degrade.vifpor.ru
18delicious.vifpor.ru
1909594215.dfgqdsd.ru
1910863506.dfgqdsd.ru
1912804389.hupol.ru
1920084107.dfgqdsd.ru
1923236846.dfgqdsd.ru
1935829091.hupol.ru
1940689621.dfgqdsd.ru
194139780.dfgqdsd.ru
194196991.dfgqdsd.ru
1942627706.dfgqdsd.ru
1943158627.dfgqdsd.ru
1948314599.hupol.ru
1949520038.hupol.ru
1952018363.dfgqdsd.ru
1957053089.humahu.ru
1965083830.dfgqdsd.ru
197943087.dfgqdsd.ru
198307613.hupol.ru
1986261178.dfgqdsd.ru
198988261.dfgqdsd.ru
1991036995.dfgqdsd.ru
1993334359.dfgqdsd.ru
1993574734.dfgqdsd.ru
199600742.dfgqdsd.ru
1999431717.dfgqdsd.ru
19defence.vifpor.ru
19depart.vifpor.ru
1dedicate.vifpor.ru
1degrade.vifpor.ru
1derisive.vifpor.ru
2001107239.dfgqdsd.ru
2002190064.hupol.ru
2004474593.dfgqdsd.ru
2004883865.dfgqdsd.ru
2007433395.dfgqdsd.ru
2007832731.dfgqdsd.ru
2009727227.dfgqdsd.ru
2011526020.dfgqdsd.ru
2015045564.dfgqdsd.ru
2019314662.humahu.ru
201965390.dfgqdsd.ru
2025900603.dfgqdsd.ru
2030866023.dfgqdsd.ru
2037760991.dfgqdsd.ru
2042567173.dfgqdsd.ru
2047249581.dfgqdsd.ru
2051370664.hupol.ru
2057821220.dfgqdsd.ru
206152841.humahu.ru
2061767372.dfgqdsd.ru
2062062484.dfgqdsd.ru
2065327166.dfgqdsd.ru
206919875.paranul.ru
2077586587.hupol.ru
2079360714.dfgqdsd.ru
2081863506.humahu.ru
2083464257.dfgqdsd.ru
2084167878.dfgqdsd.ru
2088595501.dfgqdsd.ru
2090187330.dfgqdsd.ru
2091201542.humahu.ru
2092252667.dfgqdsd.ru
209380279.dfgqdsd.ru
2096818760.humahu.ru
2097534250.dfgqdsd.ru
20defence.vifpor.ru
2105810110.hupol.ru
2118430107.dfgqdsd.ru
2121006633.paranul.ru
2131081002.humahu.ru
213123.olduhik.ru
213722396.dfgqdsd.ru
2140422968.hupol.ru
2147447041.paranul.ru
228489319.faturan.ru
22981548.dfgqdsd.ru
23061601.dfgqdsd.ru
235961275.paranul.ru
252430614.humahu.ru
252719324.dfgqdsd.ru
252790593.dfgqdsd.ru
259048292.dfgqdsd.ru
262017760.dfgqdsd.ru
262981872.paranul.ru
270175561.dfgqdsd.ru
270247223.dfgqdsd.ru
270329998.dfgqdsd.ru
275391191.paranul.ru
276949075.dfgqdsd.ru
279985215.dfgqdsd.ru
283212390.humahu.ru
284682178.paranul.ru
286005959.durakam.ru
289393342.dfgqdsd.ru
292775904.dfgqdsd.ru
293189376.paranul.ru
293835805.dfgqdsd.ru
29587630.dfgqdsd.ru
298213.paranul.ru
302501879.dfgqdsd.ru
312024968.dfgqdsd.ru
319224148.dfgqdsd.ru
321350413.dfgqdsd.ru
327074673.dfgqdsd.ru
328531440.dfgqdsd.ru
334310201.dfgqdsd.ru
334968907.dfgqdsd.ru
339905740.dfgqdsd.ru
339925980.dfgqdsd.ru
339932505.humahu.ru
346522218.dfgqdsd.ru
3466116.dfgqdsd.ru
350851182.dfgqdsd.ru
351377945.dfgqdsd.ru
35des.vifpor.ru
361269244.dfgqdsd.ru
365052268.dfgqdsd.ru
375627425.dfgqdsd.ru
380679715.dfgqdsd.ru
390633147.humahu.ru
391272365.dfgqdsd.ru
392545293.dfgqdsd.ru
395970362.golovaq.ru
403207010.dfgqdsd.ru
406206060.dfgqdsd.ru
408670396.dfgqdsd.ru
41038914.dfgqdsd.ru
412191501.dfgqdsd.ru
420616327.dfgqdsd.ru
425719508.dfgqdsd.ru
426809981.muctafa.ru
427858757.humahu.ru
429083886.dfgqdsd.ru
429114930.dfgqdsd.ru
430647844.humahu.ru
432221132.dfgqdsd.ru
432320830.dfgqdsd.ru
438940483.hupol.ru
441658634.dfgqdsd.ru
443080988.dfgqdsd.ru
443325617.paranul.ru
46.bitorgas.ru
460055123.dfgqdsd.ru
46140692.humahu.ru
469443828.paranul.ru
476924205.faturan.ru
483237315.dfgqdsd.ru
487667314.dfgqdsd.ru
498786899.dfgqdsd.ru
502343490.dfgqdsd.ru
504887886.hupol.ru
506179974.dfgqdsd.ru
511759681.dfgqdsd.ru
512078022.dfgqdsd.ru
516308114.dfgqdsd.ru
518903975.dfgqdsd.ru
5255307.humahu.ru
526839192.dfgqdsd.ru
530819996.dfgqdsd.ru
531270745.polutar.ru
532888584.dfgqdsd.ru
539869440.humahu.ru
542264686.humahu.ru
553788998.humahu.ru
557750230.dfgqdsd.ru
557958604.barap.ru
561027003.dfgqdsd.ru
565701062.paranul.ru
567768982.patrios.ru
568950309.dfgqdsd.ru
569087875.dfgqdsd.ru
569233257.hupol.ru
5770516.hupol.ru
581158345.humahu.ru
581972800.barap.ru
582366115.dfgqdsd.ru
582932468.dfgqdsd.ru
584097240.humahu.ru
589251025.paranul.ru
589665985.dfgqdsd.ru
599912729.dfgqdsd.ru
601270380.dfgqdsd.ru
605934300.humahu.ru
605988365.dfgqdsd.ru
606367579.dfgqdsd.ru
613236203.dfgqdsd.ru
614614213.dfgqdsd.ru
617099030.dfgqdsd.ru
61des.vifpor.ru
62444025.dfgqdsd.ru
63277831.dfgqdsd.ru
636410281.dfgqdsd.ru
63715193.dfgqdsd.ru
637902897.dfgqdsd.ru
643222651.dfgqdsd.ru
643507958.dfgqdsd.ru
655969276.dfgqdsd.ru
657512233.paranul.ru
658689257.hupol.ru
660832397.hupol.ru
664417585.dfgqdsd.ru
668456546.humahu.ru
67009837.dfgqdsd.ru
672006874.dfgqdsd.ru
677189559.dfgqdsd.ru
67874973.dfgqdsd.ru
681253209.humahu.ru
68derisive.vifpor.ru
69258748.hupol.ru
693382598.dfgqdsd.ru
693397522.dfgqdsd.ru
697684245.dfgqdsd.ru
699325580.dfgqdsd.ru
701273316.dfgqdsd.ru
704599522.humahu.ru
704880949.paranul.ru
704911833.dfgqdsd.ru
706396338.paranul.ru
706526125.dfgqdsd.ru
70795143.dfgqdsd.ru
7079792.dfgqdsd.ru
708265139.dfgqdsd.ru
708817093.dfgqdsd.ru
70903299.barap.ru
71des.vifpor.ru
720863214.dfgqdsd.ru
724941120.ertiway.ru
725052417.hupol.ru
727309458.dfgqdsd.ru
728146408.dfgqdsd.ru
72des.vifpor.ru
731651858.dfgqdsd.ru
734828262.dfgqdsd.ru
736043262.dfgqdsd.ru
738964062.dfgqdsd.ru
744490010.dfgqdsd.ru
745511345.dfgqdsd.ru
754613569.faturan.ru
759446167.hupol.ru
759605172.hupol.ru
770504700.paranul.ru
776833787.humahu.ru
777250581.paranul.ru
777668005.dfgqdsd.ru
779020484.dfgqdsd.ru
782845219.paranul.ru
786555121.dfgqdsd.ru
787258342.paranul.ru
790748252.batoh.ru
805511754.dfgqdsd.ru
808832562.dfgqdsd.ru
809445995.dfgqdsd.ru
810929779.dfgqdsd.ru
816466917.dfgqdsd.ru
8274514.dfgqdsd.ru
828473369.ertiway.ru
829938326.dfgqdsd.ru
835130099.dfgqdsd.ru
838463795.humahu.ru
84279161.dfgqdsd.ru
85377596.humahu.ru
854116875.hupol.ru
856669666.dfgqdsd.ru
857176652.dfgqdsd.ru
859344959.dfgqdsd.ru
875156737.patrios.ru
883179976.dfgqdsd.ru
885278781.dfgqdsd.ru
885486928.barap.ru
889832935.faturan.ru
891050762.polutar.ru
892506852.paranul.ru
895941640.humahu.ru
902387327.hupol.ru
904474823.hupol.ru
914229338.dfgqdsd.ru
919796870.humahu.ru
922815362.dfgqdsd.ru
925465240.hupol.ru
927083538.dfgqdsd.ru
930887718.dfgqdsd.ru
936304130.dfgqdsd.ru
937800557.dfgqdsd.ru
939295005.dfgqdsd.ru
943275330.dfgqdsd.ru
945218834.humahu.ru
948725025.humahu.ru
9495959.hupol.ru
954837281.dfgqdsd.ru
958335553.hupol.ru
961502910.hupol.ru
9650232.dfgqdsd.ru
967956143.humahu.ru
96952358.dfgqdsd.ru
972374784.hupol.ru
973907599.hupol.ru
978992040.dfgqdsd.ru
982646669.dfgqdsd.ru
983495461.dfgqdsd.ru
98490703.dfgqdsd.ru
987749792.dfgqdsd.ru
994534294.dfgqdsd.ru
997176357.dfgqdsd.ru
998117145.dfgqdsd.ru
ajsj8dj3b373igb.cupata.ru
bestgif.baralap.ru
big5.baralap.ru
bradwilson.gokols.ru
close25.vukongos.ru
close35.vukongos.ru
close4.vukongos.ru
close44.vukongos.ru
close5.vukongos.ru
close53.vukongos.ru
close62.vukongos.ru
close7.vukongos.ru
close71.vukongos.ru
close84.vukongos.ru
countryside18.judicious.ru
createobject31.vukongos.ru
createobject61.vukongos.ru
decipher96.vifpor.ru
defiant48.auxiliatos.ru
descended31.vifpor.ru
eval24.vukongos.ru
eval30.vukongos.ru
eval32.vukongos.ru
eval55.vukongos.ru
eval66.vukongos.ru
eval97.vukongos.ru
excessdemand94.muctafa.ru
expandenvironmentstrings13.bibitron.ru
expandenvironmentstrings19.bibitron.ru
expandenvironmentstrings23.bibitron.ru
expandenvironmentstrings29.bibitron.ru
expandenvironmentstrings36.bibitron.ru
expandenvironmentstrings47.bibitron.ru
expandenvironmentstrings49.bibitron.ru
expandenvironmentstrings60.bibitron.ru
expandenvironmentstrings65.bibitron.ru
expandenvironmentstrings69.bibitron.ru
expandenvironmentstrings76.bibitron.ru
expandenvironmentstrings78.bibitron.ru
expandenvironmentstrings86.bibitron.ru
explorer45345ttggdgfdgfdg5654654dsfsfdsfdjkkfgff4566ddf.tiporig.ru
getfile16.vukongos.ru
getfile23.vukongos.ru
getfile26.vukongos.ru
getfile31.vukongos.ru
getfile35.vukongos.ru
getfile38.vukongos.ru
getfile39.vukongos.ru
getfile68.vukongos.ru
getfile73.vukongos.ru
getfile88.vukongos.ru
getfile89.vukongos.ru
getfile98.vukongos.ru
len55.vukongos.ru
loop18.bibitron.ru
mueller.ravaet.ru
poco.ravaet.ru
redim26.bibitron.ru
redim37.bibitron.ru
redim74.bibitron.ru
redim8.bibitron.ru
redim80.bibitron.ru
responsebody36.bibitron.ru
run46.bitorgas.ru
saf.baralap.ru
scottpc.gapolsa.ru
seller-staging-new.baralap.ru
send40.bitorgas.ru
set13.bitorgas.ru
set14.bitorgas.ru
set23.bitorgas.ru
set34.bitorgas.ru
set38.bitorgas.ru
set61.bitorgas.ru
set83.bitorgas.ru
set95.bitorgas.ru
sleep20.vukongos.ru
sleep28.vukongos.ru
sleep54.vukongos.ru
sleep63.vukongos.ru
smtp.itoram.ru
stage2mb023.baralap.ru
store.olduhik.ru
testadmin.gapolsa.ru
then21.vukongos.ru
then30.vukongos.ru
then45.vukongos.ru
then46.vukongos.ru
utilities-staging.ravaet.ru
while2.bibitron.ru
while21.bibitron.ru
while30.bibitron.ru
while52.bibitron.ru
while54.bibitron.ru
while57.bibitron.ru
while62.bibitron.ru
write25.ozaharso.ru
wwwwakeupamericans-spree.ravaet.ru

# Reference: https://www.virustotal.com/gui/file/85c27174478a82891571ee21f1d301140cdc00c0a7f2837cca7b38063773ccd7/detection

http://185.161.251.4
/intently61/indifferent.bpt

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.115/relations

allow.relationship13.kaelos.ru
amazement13.reposant.ru
mid1.bibitron.ru
relationship13.kaelos.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.90/relations

registration30.reposant.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.191/relations

drakhalos.ru
almost85.bankoulpi.ru
until43.drakhalos.ru
until94.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.138/relations

nutaral.ru
1012204163.humahu.ru
101994756.humahu.ru
1025586846.humahu.ru
1031907741.humahu.ru
1042695618.dfgqdsd.ru
1054699390.humahu.ru
1109622055.humahu.ru
1147415356.humahu.ru
1226359880.humahu.ru
1279377918.humahu.ru
1285174096.humahu.ru
1363312801.humahu.ru
1384349521.humahu.ru
1414850930.humahu.ru
1454966159.humahu.ru
1458254156.humahu.ru
1459707964.humahu.ru
1469300436.humahu.ru
1490155791.humahu.ru
1532979225.humahu.ru
1539950137.humahu.ru
1591584163.humahu.ru
1613278968.humahu.ru
1617699348.humahu.ru
1628367596.humahu.ru
1640707561.humahu.ru
1641399013.humahu.ru
1642231962.humahu.ru
1669340626.nutaral.ru
1686133874.paranul.ru
1707454711.humahu.ru
1718891464.humahu.ru
1728321368.humahu.ru
1764274682.humahu.ru
1767827359.humahu.ru
1791924801.humahu.ru
1792652109.humahu.ru
1876668844.humahu.ru
1887656473.paranul.ru
1897935336.humahu.ru
1911552917.humahu.ru
1929499919.humahu.ru
1992988995.humahu.ru
2018532789.humahu.ru
2024069758.humahu.ru
2030897904.humahu.ru
2053973704.humahu.ru
2057489267.humahu.ru
2058225806.humahu.ru
2059484723.humahu.ru
2083280244.humahu.ru
2127102352.humahu.ru
2128698510.humahu.ru
2146067381.humahu.ru
260378993.humahu.ru
289836703.humahu.ru
291135442.humahu.ru
373769311.humahu.ru
381450721.dfgqdsd.ru
41826355.humahu.ru
488624743.humahu.ru
498005363.humahu.ru
498390541.humahu.ru
555239330.humahu.ru
595355588.humahu.ru
728893869.humahu.ru
819296785.humahu.ru
831222651.humahu.ru
873656457.humahu.ru
943987204.humahu.ru
96637205.humahu.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.91/relations

268764538.rogac.ru

# Reference: https://twitter.com/Cyber0verload/status/1752679969216409701

aoedamage.ru
artakin.ru
artakos.ru
auroraagain.ru
bortorad.ru
butamat.ru
butanok.ru
coremat.ru
coveredinlies.ru
curates.ru
domestikon.ru
elvalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.56/relations

intense69.omeyrpo.ru
run42.gobibo.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.34/relations

1073356279.bajax.ru
each43.nubiumbi.ru
luxurious32.aychobanpo.ru
sof3c4rvbw.coremat.ru
tvkoiecxmx.coremat.ru

# Reference: https://twitter.com/Cyber0verload/status/1752697646698189297

ftrh.ru
geniusto.ru
gitorfa.ru
gosharmot.ru
gularam.ru
gutav.ru
hulom.ru
humala.ru
hutalim.ru
hutarok.ru
iloham.ru
jurdaon.ru
jutara.ru
kamnotop.ru
kandrafolos.ru
kiliq.ru
kolontra.ru
marimashe.ru
mitralos.ru
mordavod.ru
moustachee.ru
mustgoon.ru
nadirocie.ru
nikortal.ru
ninjagoa.ru
nododru.ru
noportor.ru
noprotal.ru
orbentis.ru
orvillo.ru
otiu.ru
prometheis.ru
reforto.ru
ripbozo.ru
rotosol.ru
sillbozo.ru
siphilos.ru
sitteringo.ru
sorefeet.ru
staltulos.ru
stayson.ru
thatsok.ru
tomatron.ru
toorisugita.ru
visiksat.ru
windingroad.ru
ytural.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.226/relations

asd.ytural.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.207.76/relations

emv1.toorisugita.ru
mta-sts.toorisugita.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.59/relations

decipher99.tomatron.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.70/relations

desolate97.tomatron.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.164/relations

121.festucamos.ru
abney.festucamos.ru
ads-afcv.festucamos.ru
c2.tomatron.ru
deceived31.gitorfa.ru
decorate25.tomatron.ru
deed63.gitorfa.ru
deeper58.nododru.ru
defective88.nododru.ru
defy1.gitorfa.ru
delicate4.tomatron.ru
deliver18.nododru.ru
deliver21.nododru.ru
deliver40.nododru.ru
deliver83.nododru.ru
demolition25.festucamos.ru
demolition96.festucamos.ru
denial33.gitorfa.ru
denial41.nododru.ru
deserved1.tomatron.ru
deserved94.tomatron.ru

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.237/relations

deceived81.gitorfa.ru
deceived86.gitorfa.ru
decent80.gitorfa.ru
decipher20.geniusto.ru
deed38.gitorfa.ru
deed41.gitorfa.ru
deed53.gitorfa.ru
deed77.gitorfa.ru
deed78.gitorfa.ru
deer16.gitorfa.ru
defender18.tomatron.ru
defender50.pratensismos.ru
defense23.pratensismos.ru
defense47.pratensismos.ru
defiant25.noportor.ru
defiant99.noportor.ru
define1.geniusto.ru
define23.geniusto.ru
define51.geniusto.ru
delighted77.noportor.ru
deploy73.gitorfa.ru
deserved22.tomatron.ru
deserved85.tomatron.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.215/relations

1a975eaae3b263e643b29f98e0078bd7.fitromad.ru
3e4cf432f65b5a332bb308d983610dde.sitteringo.ru
61a9f872259ae8cd9ae7b184bde08dd8.sitteringo.ru
9e48f1bd-a9f7-4a59-aeb3-e8f3b6921129.random.hermiona.ru
explorer.sitteringo.ru
random.hermiona.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.54.93.204/relations

defy92.rotosol.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.42.163.121/relations

89des.vifpor.ru
94des.vifpor.ru
necessity47.punhanpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.42.163.125/relations

41des.vifpor.ru
demonstration79.ragibpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.80/relations

aa.binhz.ru
altered89.binhz.ru
alternative.salute4.binhz.ru
alternative.salute58.binhz.ru
alternative.salute78.binhz.ru
amazed.clash66.binhz.ru
amazed.clash73.binhz.ru
ambiguous.altered89.binhz.ru
bewildered.princess100.binhz.ru
bewildered.princess28.binhz.ru
bewildered.princess44.binhz.ru
bewildered.princess66.binhz.ru
big69.binhz.ru
bill.interested20.binhz.ru
claim.class26.binhz.ru
claim.class50.binhz.ru
clash66.binhz.ru
clash73.binhz.ru
class26.binhz.ru
class50.binhz.ru
interested20.binhz.ru
princess100.binhz.ru
princess28.binhz.ru
princess44.binhz.ru
princess66.binhz.ru
salute4.binhz.ru
salute58.binhz.ru
salute78.binhz.ru
service.binhz.ru

# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.101/relations

judgement71.nightmit.ru

# Reference: https://www.virustotal.com/gui/domain/nightmit.ru/relations

02.nightmit.ru
13.nightmit.ru
academico.nightmit.ru
accounting.nightmit.ru
administrator.nightmit.ru
ak.nightmit.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.215/relations

1a975eaae3b263e643b29f98e0078bd7.fitromad.ru
3e4cf432f65b5a332bb308d983610dde.sitteringo.ru
61a9f872259ae8cd9ae7b184bde08dd8.sitteringo.ru
9e48f1bd-a9f7-4a59-aeb3-e8f3b6921129.random.hermiona.ru
explorer.sitteringo.ru
random.hermiona.ru

# Reference: https://twitter.com/Cyber0verload/status/1753084951585505780

lovetco.ru
ludoida.ru
rutanus.ru
xiandao.ru

# Reference: https://www.virustotal.com/gui/ip-address/154.223.16.124/relations

mid12.lovetco.ru

# Reference: https://www.virustotal.com/gui/ip-address/206.189.205.188/relations

aloft83.kaelos.ru
countries.aloft83.kaelos.ru
descent71.mologadra.ru
integral.low100.gayado.ru
killed.muayidgo.shop
low100.gayado.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.214/relations

12deduction.hungzo.ru
14defend.hungzo.ru
16destroy.hungzo.ru
1destroy.hungzo.ru
20destroy.hungzo.ru
22deduction.hungzo.ru
22delighted.hungzo.ru
24destroy.hungzo.ru
24detail.hungzo.ru
26defend.hungzo.ru
27delighted.hungzo.ru
28defend.hungzo.ru
29destroy.hungzo.ru
2defend.hungzo.ru
2destroy.hungzo.ru
30deduction.hungzo.ru
30defend.hungzo.ru
30delighted.hungzo.ru
31defend.hungzo.ru
31destroy.hungzo.ru
33destroy.hungzo.ru
34defend.hungzo.ru
34delighted.hungzo.ru
34destroy.hungzo.ru
35delighted.hungzo.ru
36defend.hungzo.ru
36defiance.hungzo.ru
36destroy.hungzo.ru
37deduction.hungzo.ru
37defend.hungzo.ru
37defiance.hungzo.ru
38defiant.hungzo.ru
38destroy.hungzo.ru
39destroy.hungzo.ru
3defend.hungzo.ru
3defiance.hungzo.ru
3destroy.hungzo.ru
40deduction.hungzo.ru
40defend.hungzo.ru
40defiance.hungzo.ru
40destroy.hungzo.ru
41defend.hungzo.ru
41destroy.hungzo.ru
42defend.hungzo.ru
42destroy.hungzo.ru
42detail.hungzo.ru
43deduction.hungzo.ru
43defend.hungzo.ru
43delighted.hungzo.ru
43destroy.hungzo.ru
44defend.hungzo.ru
45destroy.hungzo.ru
46defend.hungzo.ru
46destroy.hungzo.ru
47declared.hungzo.ru
47destroy.hungzo.ru
48defend.hungzo.ru
48destroy.hungzo.ru
49destroy.hungzo.ru
4defend.hungzo.ru
4defiant.hungzo.ru
4destroy.hungzo.ru
50defend.hungzo.ru
51defend.hungzo.ru
51defiance.hungzo.ru
51destroy.hungzo.ru
54deduction.hungzo.ru
54defend.hungzo.ru
54delighted.hungzo.ru
54destroy.hungzo.ru
55defiance.hungzo.ru
55destroy.hungzo.ru
56defend.hungzo.ru
56delighted.hungzo.ru
56destroy.hungzo.ru
57defend.hungzo.ru
58defiance.hungzo.ru
58destroy.hungzo.ru
59defiance.hungzo.ru
5deduction.hungzo.ru
5defend.hungzo.ru
5defiance.hungzo.ru
5destroy.hungzo.ru
60defend.hungzo.ru
60delay.hungzo.ru
61defend.hungzo.ru
61delighted.hungzo.ru
61destroy.hungzo.ru
62declared.hungzo.ru
62defend.hungzo.ru
62destroy.hungzo.ru
63defend.hungzo.ru
63destroy.hungzo.ru
64destroy.hungzo.ru
65defend.hungzo.ru
65destroy.hungzo.ru
66destroy.hungzo.ru
67defend.hungzo.ru
68defiant.hungzo.ru
69defend.hungzo.ru
69destroy.hungzo.ru
6defend.hungzo.ru
6delighted.hungzo.ru
70defend.hungzo.ru
70delighted.hungzo.ru
71defend.hungzo.ru
71delighted.hungzo.ru
71destroy.hungzo.ru
72defend.hungzo.ru
72destroy.hungzo.ru
73defend.hungzo.ru
73destroy.hungzo.ru
74defend.hungzo.ru
74destroy.hungzo.ru
75defend.hungzo.ru
75destroy.hungzo.ru
76defend.hungzo.ru
76delighted.hungzo.ru
76destroy.hungzo.ru
77destroy.hungzo.ru
78defend.hungzo.ru
79defend.hungzo.ru
7defend.hungzo.ru
7destroy.hungzo.ru
80defend.hungzo.ru
80destroy.hungzo.ru
81defend.hungzo.ru
81destroy.hungzo.ru
82defend.hungzo.ru
83deduction.hungzo.ru
83defend.hungzo.ru
83defiance.hungzo.ru
83destroy.hungzo.ru
84defend.hungzo.ru
84defiance.hungzo.ru
84destroy.hungzo.ru
85defiance.hungzo.ru
86deduction.hungzo.ru
86defend.hungzo.ru
87deduction.hungzo.ru
87defend.hungzo.ru
87destroy.hungzo.ru
88defend.hungzo.ru
88defiance.hungzo.ru
88destroy.hungzo.ru
89destroy.hungzo.ru
90defend.hungzo.ru
90defiance.hungzo.ru
91defend.hungzo.ru
91delighted.hungzo.ru
91destroy.hungzo.ru
92defend.hungzo.ru
92destroy.hungzo.ru
93defend.hungzo.ru
93destroy.hungzo.ru
94defend.hungzo.ru
94destroy.hungzo.ru
95defend.hungzo.ru
95delighted.hungzo.ru
96defend.hungzo.ru
97deduction.hungzo.ru
97defend.hungzo.ru
97destroy.hungzo.ru
98destroy.hungzo.ru
99defend.hungzo.ru
99destroy.hungzo.ru
9deduction.hungzo.ru
9defend.hungzo.ru
9destroy.hungzo.ru
desparately.hungzo.ru
for71.ahmozpi.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.169.250/relations
# Reference: https://www.virustotal.com/gui/file/a933aeacf5601e6cd6915f5d27e12d38634009468f0edbfa4d38b41b4aa584f2/detection
# Reference: https://www.virustotal.com/gui/file/a3a9ee2d19de8b27b3c0e5178bd07565a6cc47532b4555abb737d74b60f652f1/detection
# Reference: https://www.virustotal.com/gui/file/535ce755b9c657d825d1ed3774979427dc9f0cb11b517020312178e82c479d2a/detection
# Reference: https://www.virustotal.com/gui/file/3e446429af9c953c69f13697d3ab6af47eab1331faa9c4abc32d01f9695199ad/detection
# Reference: https://www.virustotal.com/gui/file/120dfaaa9c3c5be4feb63b0401808a06ca52f1516b0ddc61ed57c60194bd8571/detection

http://157.230.55.146
http://159.223.192.51
http://170.64.169.250
http://217.78.239.193
http://31.129.22.61
http://64.225.103.49
25deeply.aydinpo.ru
29detach.blootundicht.ru
35defiance.materialistic.ru
37depth.anubisbo.ru
38defiance.materialistic.ru
3detach.blootundicht.ru
43deeply.aydinpo.ru
53defiance.materialistic.ru
57deeply.aydinpo.ru
74depth.anubisbo.ru
76depth.anubisbo.ru
9deeply.aydinpo.ru
for63.ahmozpi.ru
type97.saturnec.ru
/sncluded44/index.html
/sncreasing36/index.html
/snterview36/index.html
/snterview45/index.html
/sntense97/index.html
/snventor18/index.html
/sso44/index.html

# Reference: https://www.virustotal.com/gui/file/b3d9922d33d5a7dae5f54235eee9981c774b1ecb6503d330cf26f76f9cdf75ba/detection

http://164.92.70.50
/sssued80/index.html

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.96/relations

desk75.ragibpo.ru
for20.ahmozpi.ru

# Reference: https://www.virustotal.com/gui/ip-address/77.83.246.120/relations

degrade1.humorumbi.ru
deletefile29.acaenaso.ru
deletefile70.acaenaso.ru
dim58.suizibel.ru
do72.arabianos.ru
eval37.squeamish.ru
eval51.squeamish.ru
for69.ahmozpi.ru
for7.ahmozpi.ru
for85.ahmozpi.ru
getfile42.dakareypa.ru
getfile67.dakareypa.ru
mid33.arabianos.ru
properties_59.nubiumbi.ru
read13.acaenaso.ru
read29.acaenaso.ru
read32.acaenaso.ru
read6.dzhafarho.ru
read67.dzhafarho.ru
read80.dzhafarho.ru
read90.acaenaso.ru
redim35.arabianos.ru
run99.acaenaso.ru
send40.nubiumbi.ru
send97.dumerilipi.ru
xor22.acaenaso.ru
xor50.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/77.83.246.163/relations

for88.ahmozpi.ru
getfile77.nahtizi.ru
xor85.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.141/relations

dim59.suizibel.ru
for77.ahmozpi.ru
getfile38.dakareypa.ru
getfile90.nahtizi.ru
getfile94.nahtizi.ru
heartbreaking.procellarumbi.ru
xor43.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.138/relations

for6.ahmozpi.ru
getfile30.nahtizi.ru
getfile88.nahtizi.ru
xor13.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.98/relations
# Reference: https://www.virustotal.com/gui/file/460722fa203c44c22763d3e0584a069bd8869c1d64d5088de9991e6d691dc3f9/detection
# Reference: https://www.virustotal.com/gui/file/775aee4485146790107a435fdb548f397ddb5fa31bc72a20e67e0d8973103855/detection

20delayed.aytashpo.ru
94definitely.savalanpo.ru
ajsj8dj3b373igb.addzhobo.ru
ajsj8dj3b373igb.adempo.ru
ajsj8dj3b373igb.agakiypo.ru
ajsj8dj3b373igb.agasypo.ru
ajsj8dj3b373igb.agonizing.ru
ajsj8dj3b373igb.agshinpo.ru
ajsj8dj3b373igb.ahmozpi.ru
ajsj8dj3b373igb.akenatenbo.ru
ajsj8dj3b373igb.akenatonbo.ru
ajsj8dj3b373igb.akiikibo.ru
ajsj8dj3b373igb.akyuldizpo.ru
ajsj8dj3b373igb.albacorepi.ru
ajsj8dj3b373igb.alismaso.ru
ajsj8dj3b373igb.alpaslanpo.ru
ajsj8dj3b373igb.altamishpo.ru
ajsj8dj3b373igb.altugpo.ru
ajsj8dj3b373igb.amenemhatbo.ru
ajsj8dj3b373igb.amonbo.ru
ajsj8dj3b373igb.anguisbi.ru
ajsj8dj3b373igb.antarcticos.ru
ajsj8dj3b373igb.apispi.ru
ajsj8dj3b373igb.asheypi.ru
ajsj8dj3b373igb.atacamabo.ru
ajsj8dj3b373igb.aychobanpo.ru
ajsj8dj3b373igb.aydinpo.ru
ajsj8dj3b373igb.aydoganpo.ru
ajsj8dj3b373igb.aydynpo.ru
ajsj8dj3b373igb.aykutpo.ru
ajsj8dj3b373igb.aytyurkpo.ru
ajsj8dj3b373igb.ayzakpo.ru
ajsj8dj3b373igb.azibobo.ru
ajsj8dj3b373igb.bakaripi.ru
ajsj8dj3b373igb.beringos.ru
ajsj8dj3b373igb.bladefishpi.ru
ajsj8dj3b373igb.capricious.ru
ajsj8dj3b373igb.cresozoq.ru
ajsj8dj3b373igb.cumbersome.ru
ajsj8dj3b373igb.disillusioned.ru
ajsj8dj3b373igb.donkorpa.ru
ajsj8dj3b373igb.dumerilipi.ru
ajsj8dj3b373igb.dussaut.ru
ajsj8dj3b373igb.dzhahipa.ru
ajsj8dj3b373igb.dzhumoukpa.ru
ajsj8dj3b373igb.earsplitting.ru
ajsj8dj3b373igb.erfango.ru
ajsj8dj3b373igb.farukend.ru
ajsj8dj3b373igb.minkazi.ru
dodot.atacamabo.ru
dodot.beringos.ru
getfile7.nahtizi.ru
getobject83.lachindo.ru
globe12.royalpo.ru
naughty24.raminla.ru
visible28.nebtoizi.ru
visible3.nebtoizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.108/relations

info.savalanpo.ru
lover63.aychobanpo.ru
ned95.royalpo.ru
redim40.lachindo.ru
redim71.lachindo.ru
relationship50.ayzakpo.ru
send71.kainatbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.207.93/relations

70decimal.savalanpo.ru
denied34.rashidiso.ru
lover98.aychobanpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.136/relations

76defiant.savalanpo.ru
integer24.samiseto.ru
reins15.unwieldy.ru
responsebody71.disillusioned.ru
sanction68.boskatrem.ru
sanction93.boskatrem.ru

# Reference: https://www.virustotal.com/gui/domain/savalanpo.ru/relations

100declared.savalanpo.ru
100dense.savalanpo.ru
10descended.savalanpo.ru
11description.savalanpo.ru
12depended.savalanpo.ru
13declared.savalanpo.ru
13definitely.savalanpo.ru
14decimal.savalanpo.ru
14defence.savalanpo.ru
15dense.savalanpo.ru
15dentist.savalanpo.ru
15deny.savalanpo.ru
16depended.savalanpo.ru
18defence.savalanpo.ru
18descended.savalanpo.ru
19decimal.savalanpo.ru
1defence.savalanpo.ru
1descended.savalanpo.ru
20dependant.savalanpo.ru
21dentist.savalanpo.ru
21description.savalanpo.ru
22decipher.savalanpo.ru
22declared.savalanpo.ru
22designed.savalanpo.ru
23depended.savalanpo.ru
24decipher.savalanpo.ru
24defect.savalanpo.ru
24depended.savalanpo.ru
24description.savalanpo.ru
26description.savalanpo.ru
26designed.savalanpo.ru
2description.savalanpo.ru
30depended.savalanpo.ru
33dentist.savalanpo.ru
34descended.savalanpo.ru
36declared.savalanpo.ru
36definitely.savalanpo.ru
36designed.savalanpo.ru
37dene.savalanpo.ru
39dentist.savalanpo.ru
40deny.savalanpo.ru
41description.savalanpo.ru
42declared.savalanpo.ru
43defence.savalanpo.ru
44definitely.savalanpo.ru
44dependant.savalanpo.ru
48decipher.savalanpo.ru
49descended.savalanpo.ru
4description.savalanpo.ru
51depended.savalanpo.ru
52dentist.savalanpo.ru
52depended.savalanpo.ru
53decimal.savalanpo.ru
53dense.savalanpo.ru
53dentist.savalanpo.ru
53descended.savalanpo.ru
55designed.savalanpo.ru
56defence.savalanpo.ru
56description.savalanpo.ru
57dentist.savalanpo.ru
60depended.savalanpo.ru
60description.savalanpo.ru
61decipher.savalanpo.ru
61depended.savalanpo.ru
62depended.savalanpo.ru
62designed.savalanpo.ru
63dedicate.savalanpo.ru
63depended.savalanpo.ru
65dependant.savalanpo.ru
68designed.savalanpo.ru
70defence.savalanpo.ru
70description.savalanpo.ru
71designed.savalanpo.ru
72dependant.savalanpo.ru
73defect.savalanpo.ru
73dentist.savalanpo.ru
74defence.savalanpo.ru
76dense.savalanpo.ru
77dentist.savalanpo.ru
78decimal.savalanpo.ru
78dependant.savalanpo.ru
79descended.savalanpo.ru
80dependant.savalanpo.ru
81definitely.savalanpo.ru
82declared.savalanpo.ru
82descended.savalanpo.ru
83designed.savalanpo.ru
84description.savalanpo.ru
84designed.savalanpo.ru
86declared.savalanpo.ru
86defence.savalanpo.ru
87description.savalanpo.ru
8dene.savalanpo.ru
90declared.savalanpo.ru
90dependant.savalanpo.ru
91descended.savalanpo.ru
92designed.savalanpo.ru
93defence.savalanpo.ru
93descended.savalanpo.ru
93description.savalanpo.ru
95declared.savalanpo.ru
96defect.savalanpo.ru
96defence.savalanpo.ru
97declared.savalanpo.ru
99designed.savalanpo.ru

# Reference: https://twitter.com/Cyber0verload/status/1754947723118149854
# Reference: https://scpc.gov.ua/en/articles/341
# Reference: https://scpc.gov.ua/api/files/ca8167d3-fb54-41f3-a531-699845247dcf
# Reference: https://www.virustotal.com/gui/file/8f8d1ced099d1c80a898d4c0d5f154c98904b2102499473701bbf26d7a07a049/detection
# Reference: https://www.virustotal.com/gui/file/6b9a56220e8f7b0090444b78413cfa072fe8caf6b0f0d4ad539a67dd6413b09a/detection
# Reference: https://www.virustotal.com/gui/file/4be1d26bbc327ece3d74b7604c192245cbfd2bc77d17377461a2739834506292/detection
# Reference: https://www.virustotal.com/gui/file/47002e975b912e43a8a9daaab63331862b7a00ef808a97530acb7511057b3163/detection
# Reference: https://www.virustotal.com/gui/file/3a2b13fab88089752569d277d3c39b1f610fb58a4d82c156fd4fa06bd4db4327/detection
# Reference: https://www.virustotal.com/gui/file/fbf5048f1bf7d18a29fcfed62251cae83aec690b458e0c16d7a6517a93e7c354/detection
# Reference: https://www.virustotal.com/gui/file/d4431dbc634cbb59c250286b35bc4d33b4e26554e1bf504ad2a7a8bc8e151b0a/detection
# Reference: https://www.virustotal.com/gui/file/c3a1d952a652d3a44c60c3eec64e9142f3a3047cd2fd99190711ba230e3de541/detection
# Reference: https://www.virustotal.com/gui/file/9525d71339a4ede1c7837e97f12dc959e4863bbfdc9ae50014405d0250859512/detection
# Reference: https://www.virustotal.com/gui/file/73e1edd6718bede0146542c7371e41fc975950e40ef0a2d32b95a69fe47341c8/detection
# Reference: https://www.virustotal.com/gui/file/73c0c0b00a4cde883a77f41a99e5ba3cebc35627da600224510ebe399d182790/detection
# Reference: https://www.virustotal.com/gui/file/4454416fddf42c1a994e306478e1ef04294e027396bf069abde5145e001836f4/detection
# Reference: https://www.virustotal.com/gui/file/778d0032a6e68966e9235ef838417699ab82d034cd856a5f9c3b9b7e200681d0/detection
# Reference: https://www.virustotal.com/gui/file/e5da40980c55932d3c4de0a4c82ce432a827d3a7e2309e37c53b448eceb9f881/detection
# Reference: https://www.virustotal.com/gui/file/c66e250984f2ba42cdc5c1802ad991001b6aebd2d08e46ddfc4074aa5396c1d6/detection
# Reference: https://www.virustotal.com/gui/file/b697563853a3af8a7c570a88e6bf25196a2438f80d3a73cf7e2a2c94897ec075/detection
# Reference: https://www.virustotal.com/gui/file/3c2131869dfbf0d2de744bb55ecacf07da4c07eda7ca10f20751b1a4e9cc5de0/detection
# Reference: https://www.virustotal.com/gui/file/386eb89fa22342a60f20f5b2186480af6c3462a920d9beef10ea9fe785bae53d/detection
# Reference: https://www.virustotal.com/gui/file/3626e16c6f470b383be8d1f1f039f86793f6a6e33d1fee3b0fa2435a052fcdad/detection
# Reference: https://www.virustotal.com/gui/file/1c608170bd7f5e270bd3c12d7abdd19ff66118bce7e496915d862621e1ccf687/detection

http://185.104.115.173
http://194.31.175.77
http://217.151.229.74
/GP_12_12/header.jpeg
/Sb_12_12/barefooted.jpeg
/Sb_12_12/basically.jpeg
/Sb_12_12/headache.jpeg
/Sb_12_12/intelligent.jpeg
/db.08.12/based.jpeg
/fes.11.12/regions.jpeg
/gp_11_12/heading.jpeg
/moj.08.12/lot.jpeg
/mv.08.12/relate.jpeg
/mvd.09.12/neutral.jpeg
/s.24.11/headline.jpeg
/s.24.11/seldom.jpeg
/sb.09.12/guarantee.jpeg
/ukr.16.11/send/headstone.jpeg
/ukr.23.11/basis.jpeg
/ukr.23.11/refreshments/decipher.jpeg
/ukr.23.11/relation.jpeg
/ukr.24.11/bananas.jpeg
/ukr.24.11/seeming.jpeg
/ukr.16.11/send/
/ukr.23.11/refreshments/

# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.198/relations

1275771653.nutaral.ru
132482381.nutaral.ru
1351491794.nutaral.ru
1410657232.nutaral.ru
142604323.muctafa.ru
1459690658.nutaral.ru
149767172.nutaral.ru
1691590828.vohod.ru
1956891920.nutaral.ru
2026060393.nutaral.ru
2035540365.nutaral.ru
230000432.kiliq.ru
231224034.nutaral.ru
282138067.nutaral.ru
284757440.nutaral.ru
296829240.kiliq.ru
373096678.nutaral.ru
391874313.nutaral.ru
529728419.nutaral.ru
61263268.nutaral.ru
648811020.nutaral.ru
747082716.nutaral.ru
86846334.nutaral.ru
873407888.nutaral.ru
963216283.nutaral.ru
hkcmd.humahu.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.2/relations

1227559108.nutaral.ru
15289523.nutaral.ru
1669039030.nutaral.ru
1928299123.nutaral.ru
1970400568.nutaral.ru
533197675.nutaral.ru
710357172.nutaral.ru
739432781.nutaral.ru
832840648.nutaral.ru
839179228.nutaral.ru
applicationframehost.hulom.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.229/relations

10dentist.savalanpo.ru
11depended.savalanpo.ru
12designed.savalanpo.ru
20decipher.savalanpo.ru
22decimal.savalanpo.ru
24definitely.savalanpo.ru
25declared.savalanpo.ru
25dependant.savalanpo.ru
26dependant.savalanpo.ru
28descended.savalanpo.ru
29depended.savalanpo.ru
29descended.savalanpo.ru
2defence.savalanpo.ru
30decipher.savalanpo.ru
30dentist.savalanpo.ru
30descended.savalanpo.ru
35decide.aytashpo.ru
37dependant.savalanpo.ru
38decipher.savalanpo.ru
38dependant.savalanpo.ru
38destroyer.aytashpo.ru
40defect.savalanpo.ru
40dependant.savalanpo.ru
41defect.savalanpo.ru
41degrade.aytashpo.ru
46descended.savalanpo.ru
47delusion.aytashpo.ru
48declared.savalanpo.ru
49depended.savalanpo.ru
50dependant.savalanpo.ru
54dentist.savalanpo.ru
55descended.savalanpo.ru
58decimal.savalanpo.ru
58dentist.savalanpo.ru
60dense.savalanpo.ru
62defence.savalanpo.ru
62dense.savalanpo.ru
63dense.savalanpo.ru
65decipher.savalanpo.ru
65description.savalanpo.ru
67defect.savalanpo.ru
67depended.savalanpo.ru
67descended.savalanpo.ru
68description.savalanpo.ru
72declared.savalanpo.ru
73deserter.aytashpo.ru
75decipher.savalanpo.ru
75dependant.savalanpo.ru
76decipher.savalanpo.ru
78designed.savalanpo.ru
7descended.savalanpo.ru
81defect.savalanpo.ru
82decipher.savalanpo.ru
82depended.savalanpo.ru
83dentist.savalanpo.ru
83description.savalanpo.ru
84decimal.savalanpo.ru
84dentist.savalanpo.ru
85dense.savalanpo.ru
86dentist.savalanpo.ru
87defence.savalanpo.ru
87dense.savalanpo.ru
89defy.aytashpo.ru
8deny.savalanpo.ru
90defect.savalanpo.ru
91dependant.savalanpo.ru
92descended.savalanpo.ru
93describe.aytashpo.ru
99dependant.savalanpo.ru
99description.savalanpo.ru
9designer.aytashpo.ru
asc71.kainatbi.ru
chr11.lachindo.ru
chr13.lachindo.ru
chr25.lachindo.ru
chr39.lachindo.ru
chr42.lachindo.ru
chr50.lachindo.ru
chr57.lachindo.ru
chr59.lachindo.ru
chr7.lachindo.ru
chr70.lachindo.ru
chr76.lachindo.ru
chr78.lachindo.ru
chr94.lachindo.ru
chr99.lachindo.ru
close.omranpo.ru
counsel73.royalpo.ru
deck72.festucamos.ru
do76.drakhalos.ru
emv1.aytashpo.ru
fileexists71.lachindo.ru
getobject10.lachindo.ru
getobject16.lachindo.ru
getobject19.lachindo.ru
getobject20.lachindo.ru
getobject21.lachindo.ru
getobject22.lachindo.ru
getobject41.lachindo.ru
getobject48.lachindo.ru
getobject5.lachindo.ru
getobject60.lachindo.ru
getobject78.lachindo.ru
getobject96.lachindo.ru
getobject98.lachindo.ru
globe2.royalpo.ru
globe39.royalpo.ru
ned1.royalpo.ru
redim73.bitorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.243/relations

while71.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.112/relations

rnexo.shop
sav.rnexo.shop

# Reference: https://www.virustotal.com/gui/ip-address/65.109.206.21/relations

simoo.ddns.net
wer.rnexo.shop

# Reference: https://www.virustotal.com/gui/ip-address/77.83.246.128/relations

asc4.lovetco.ru
do52.lovetco.ru

# Reference: https://twitter.com/Cyber0verload/status/1756051710391287850
# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.222/relations

erroton.ru
dedicate45.erroton.ru
desire58.artakin.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.12/relations

100destitute.muhvanazi.ru
12destitute.muhvanazi.ru
16destitute.muhvanazi.ru
18demanded.blootundicht.ru
18detach.blootundicht.ru
27detach.blootundicht.ru
28detach.blootundicht.ru
3destitute.muhvanazi.ru
41destitute.muhvanazi.ru
58detach.blootundicht.ru
60destitute.muhvanazi.ru
83destitute.muhvanazi.ru
8destitute.muhvanazi.ru
send83.kemoziripa.ru
send93.kemoziripa.ru
setrequestheader54.nahtizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/24.199.116.154/relations

alone1.asheypi.ru
alone47.asheypi.ru
alone79.asheypi.ru
alone87.asheypi.ru
classes20.asheypi.ru
nearby93.asheypi.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.35/relations
# Reference: https://www.virustotal.com/gui/file/7f824ea31b234cf1e3224d01322cbf9f1ee520e5aa60de9ae88d98f2de4322a0/detection

62desire.aytashpo.ru
86declare.mardango.ru
90defiance.materialistic.ru
abdomens.karimbi.ru
abdomina.karimbi.ru
abdominal.karimbi.ru
abdominales.karimbi.ru
abdominalian.karimbi.ru
abdominally.karimbi.ru
abdominals.karimbi.ru
abdominoanterior.karimbi.ru
abdominocardiac.karimbi.ru
abdominocentesis.karimbi.ru
abdominocystic.karimbi.ru
abdominogenital.karimbi.ru
abdominohysterectomy.karimbi.ru
abdominohysterotomy.karimbi.ru
abdominoposterior.karimbi.ru
abdominoscope.karimbi.ru
abdominoscopy.karimbi.ru
abdominothoracic.karimbi.ru
abdominous.karimbi.ru
abdominovaginal.karimbi.ru
abdominovesical.karimbi.ru
altitude28.karimbi.ru
altitude95.karimbi.ru
big.people25.karimbi.ru
billy16.karimbi.ru
billy85.karimbi.ru
councilman41.karimbi.ru
councilman48.karimbi.ru
councilman6.karimbi.ru
counter.familiar82.karimbi.ru
deception100.basamdi.ru
declare40.agasibi.ru
declared8.gashkaydo.ru
defense4.agasibi.ru
deluge6.agasibi.ru
dene47.agasibi.ru
dependant3.agasibi.ru
dependant44.agasibi.ru
dependant97.agasibi.ru
deprive31.ragibpo.ru
deprive86.ragibpo.ru
designs38.ragibpo.ru
detached16.stereotyped.ru
detached55.davudho.ru
detached65.davudho.ru
fairy.lower59.zardusht.ru
familiar82.karimbi.ru
get.ramalla.ru
people25.karimbi.ru
read.rasulla.ru
redim71.kemnebipa.ru
wscript54.rasulla.ru
wscript80.rasulla.ru

# Reference: https://www.virustotal.com/gui/ip-address/170.64.173.247/relations

0.bahramt.ru
0.payamt.ru
01.bahramt.ru
01.payamt.ru
02.payamt.ru
03.bahramt.ru
03.payamt.ru
1.payamt.ru
10.bahramt.ru
10.payamt.ru
100dependent.talgatgi.ru
11.bahramt.ru
11.payamt.ru
12.bahramt.ru
12.payamt.ru
13.bahramt.ru
13.payamt.ru
14.payamt.ru
15.bahramt.ru
15.payamt.ru
16.bahramt.ru
16.payamt.ru
17.bahramt.ru
17.payamt.ru
18.payamt.ru
19.bahramt.ru
19.payamt.ru
2.bahramt.ru
2.nilfa.ru
2.payamt.ru
20.payamt.ru
25desire.talgatgi.ru
3.bahramt.ru
3.nilfa.ru
3.payamt.ru
30deserter.mardango.ru
4.bahramt.ru
4.payamt.ru
41denied.talgatgi.ru
48delicious.talgatgi.ru
58delicious.talgatgi.ru
59deliver.ramalla.ru
59desire.talgatgi.ru
6.bahramt.ru
6.payamt.ru
66dependent.talgatgi.ru
7.bahramt.ru
7.payamt.ru
70delicious.talgatgi.ru
74dentist.mardango.ru
77dentist.mardango.ru
8.bahramt.ru
8.payamt.ru
9.bahramt.ru
9.payamt.ru
93denied.talgatgi.ru
a.auth-ns.bahramt.ru
a.bahramt.ru
a01.payamt.ru
a02.bahramt.ru
a02.payamt.ru
aaa.amygdalus.ru
aaa.nilfa.ru
aaa.veikir.ru
aaa.ytterbiumo.ru
abdominohysterectomy.veikir.ru
abdominohysterotomy.veikir.ru
abdominoposterior.veikir.ru
abdominoscope.veikir.ru
abdominothoracic.veikir.ru
abdominovaginal.veikir.ru
abduced.veikir.ru
abducens.veikir.ru
abduces.veikir.ru
abducing.veikir.ru
abducted.veikir.ru
abductions.veikir.ru
abductor.veikir.ru
abductores.veikir.ru
abeam.veikir.ru
auction.nilfa.ru
auction2.nilfa.ru
auth-ns.bahramt.ru
clever.nilfa.ru
emv1.amygdalus.ru
ftp.nilfa.ru
get.aasim.ru
get.amygdalus.ru
get.cordata.ru
get.nilfa.ru
i.nilfa.ru
m.vistaria.ru
mir.nilfa.ru
n.cordata.ru
root.nilfa.ru
sber.sberbank.payamt.ru
sberbank.berylliumo.ru
sberbank.payamt.ru
sberbank.sberbank.payamt.ru
service.amygdalus.ru
smtp.nilfa.ru
thyroxin.aasim.ru
tigellus.aasim.ru
tigereye.aasim.ru
tigerfoot.aasim.ru
tigerism.aasim.ru
ui.nilfa.ru
upd.nilfa.ru

# Reference: https://www.virustotal.com/gui/file/7f824ea31b234cf1e3224d01322cbf9f1ee520e5aa60de9ae88d98f2de4322a0/detection
# Reference: https://www.virustotal.com/gui/file/68567fa54ac77bb3cdb617af7e80353c2113716312f806fc26d9e6f612dd504b/detection
# Reference: https://www.virustotal.com/gui/file/52a5afd2b4f829ef15401c87995c96f2bde9b0ee26febf96d0484c38f07166a3/detection
# Reference: https://www.virustotal.com/gui/file/4d3ce5b0d66f20c15d8a816bc1371bd9b78bed76f838b09aa36174c24f386097/detection
# Reference: https://www.virustotal.com/gui/file/33b82f17d78f0ee1d752863b0195e46db8a35e2f4260e5de7440e163e0913508/detection
# Reference: https://www.virustotal.com/gui/file/7f824ea31b234cf1e3224d01322cbf9f1ee520e5aa60de9ae88d98f2de4322a0/detection

http://128.199.147.202
http://159.223.148.85
/smprovements82/index.html
/snclusion7/index.html
/snstances70/index.html
/sntellectual2/index.html
/sntermediate69/index.html
/sts61/index.html

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.136/relations

while22.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.147.202/relations

24desirable.lopraner.ru
25defiant.lopraner.ru
25despite.lopraner.ru
28decidedly.lopraner.ru
32declare.mardango.ru
43december.lopraner.ru
49descendant.anumbo.ru
55deeply.aydinpo.ru
60den.mardango.ru
68declare.lopraner.ru
97defect.anumbo.ru
98deluge.lopraner.ru
99decrepit.lopraner.ru
aasvogel.kasymbi.ru
aasvogels.kasymbi.ru
aau.kasymbi.ru
ab.kasymbi.ru
aba.kasymbi.ru
ababa.kasymbi.ru
ababdeh.kasymbi.ru
ababua.kasymbi.ru
abac.kasymbi.ru
abaca.kasymbi.ru
abacas.kasymbi.ru
abacate.kasymbi.ru
abacay.kasymbi.ru
abaci.kasymbi.ru
abacinate.kasymbi.ru
abacination.kasymbi.ru
abaciscus.kasymbi.ru
abacist.kasymbi.ru
aback.kasymbi.ru
abacterial.kasymbi.ru
abactinal.kasymbi.ru
abactinally.kasymbi.ru
abaction.kasymbi.ru
abactor.kasymbi.ru
abaculus.kasymbi.ru
altitude18.ibragimo.ru
declared78.gashkaydo.ru
decorate24.ibragimbi.ru
deeper25.vagifgo.ru
deeper78.vagifgo.ru
delusion25.ragibpo.ru
den11.gashkaydo.ru
dentist55.vagifgo.ru
dentist80.vagifgo.ru
dependant2.agasibi.ru
dependant95.agasibi.ru
deprive24.ragibpo.ru
deserts68.dashgynrho.ru
designed64.agasibi.ru
despair36.ragibpo.ru
despair56.ragibpo.ru
dim61.suizibel.ru
intellectual.altitude18.ibragimo.ru
relation92.bankoulpi.ru
service.kasymbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/159.223.148.85/relations

64depression.mardango.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1757686326927749251
# Reference: https://www.virustotal.com/gui/ip-address/194.87.45.66/relations
# Reference: https://www.virustotal.com/gui/file/a24f7169f7f6f4f470fc21f8789efeaf96edb581479db9e8dea2e3130fbc559f/detection

goal5.chromatol.ru
allows.interesting50.galibdo.ru
pretend.goal5.chromatol.ru
/DESKTOP-QERF5B3/allegiance/reliable/lucy.n64
/DESKTOP-QERF5B3/allegiance/reliable/
/DESKTOP-QERF5B3/allegiance/

# Reference: https://www.virustotal.com/gui/ip-address/83.217.9.193/relations

deletefile14.dzhafarho.ru
delight30.humorumbi.ru
glove40.galibdo.ru
princess.glove40.galibdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/94.158.244.40/relations

mail.chromatol.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.160/relations

15dessert.remmaoso.ru
78depend.negevbo.ru
96delight.barentsot.ru
class.among6.ananiyagi.ru
defence96.rufatpo.ru
deliberately64.humorumbi.ru
deserve42.malived.ru
destruction19.namibbo.ru
destruction3.namibbo.ru
destruction40.namibbo.ru
destruction49.namibbo.ru
destruction51.namibbo.ru
destruction52.namibbo.ru
destruction56.namibbo.ru
destruction68.namibbo.ru
destruction74.namibbo.ru
destruction92.namibbo.ru
eval38.mazhddo.ru
i3.lasculpture.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.72/relations

clasp37.ozirisso.ru
delight64.humorumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/143.198.52.53/relations

reliable26.ozirisso.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.191/relations

alphabet61.ozirisso.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.200/relations

28deception.fatuamos.ru
73defeat.aytashpo.ru
8deception.fatuamos.ru
getobject2.lachindo.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.28/relations

faithless66.omariso.ru
getfile16.nahtizi.ru
getfile27.nahtizi.ru
getfile78.nahtizi.ru
getfile93.nahtizi.ru
getfile96.nahtizi.ru
visible5.nebtoizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.38/relations

36deception.fatuamos.ru
48deception.fatuamos.ru
visible46.nebtoizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.149/relations

12decipher.savalanpo.ru
13delay.aytashpo.ru
14decipher.savalanpo.ru
17delusion.aytashpo.ru
17dentist.savalanpo.ru
24designed.savalanpo.ru
26declared.savalanpo.ru
26depended.savalanpo.ru
28description.savalanpo.ru
33defence.savalanpo.ru
35dentist.savalanpo.ru
40dentist.savalanpo.ru
47designed.savalanpo.ru
52descended.savalanpo.ru
55dentist.savalanpo.ru
58dependant.savalanpo.ru
59dentist.savalanpo.ru
63dentist.savalanpo.ru
69defect.savalanpo.ru
69depended.savalanpo.ru
7degrade.aytashpo.ru
86dependant.savalanpo.ru
8designer.aytashpo.ru
92dense.savalanpo.ru
94declared.savalanpo.ru
visible89.nebtoizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.123/relations

delirium6.muazpo.ru
properties.59.nubiumbi.ru
regret58.absorbeni.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.150/relations

allegiance82.brudimar.ru
allegiance93.brudimar.ru
gnaw97.absorbeni.ru
prick30.barakapi.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.188/relations

prick55.brudimar.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.80/relations

01.arasht.ru
03.arasht.ru
1.arasht.ru
10deliverance.barutipi.ru
14.arasht.ru
16.arasht.ru
19.arasht.ru
5.arasht.ru
8.arasht.ru
aberrantly.dzheni.ru
chr20.dzheni.ru
chr34.dzheni.ru
chr40.dzheni.ru
chr45.dzheni.ru
decent48.ragibpo.ru
decisive37.kaigitang.ru
deduction29.kaigitang.ru
deer2.ragibpo.ru
deer65.ragibpo.ru
deer7.ragibpo.ru
deer71.ragibpo.ru
deer74.ragibpo.ru
defensive40.kaigitang.ru
defensive51.kaigitang.ru
deficiency35.kaigitang.ru
delicious42.kaigitang.ru
getobject74.kontarso.ru
luxury8.brudimar.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.77/relations

luncheon36.brudimar.ru
regulate62.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.32.176.66/relations

ajsj8dj3b373igb.adjoining.ru
ajsj8dj3b373igb.ananiyagi.ru
ajsj8dj3b373igb.anubisbo.ru
ajsj8dj3b373igb.ayarimar.ru
ajsj8dj3b373igb.balakshidi.ru
ajsj8dj3b373igb.bankoulpi.ru
ajsj8dj3b373igb.boptizol.ru
ajsj8dj3b373igb.boskatrem.ru
ajsj8dj3b373igb.damirho.ru
ajsj8dj3b373igb.dzhavadho.ru
ajsj8dj3b373igb.iknatonpa.ru
ajsj8dj3b373igb.karoanpa.ru
ajsj8dj3b373igb.kyzylkumbo.ru
ajsj8dj3b373igb.mamduhgo.ru
ajsj8dj3b373igb.materialistic.ru
ajsj8dj3b373igb.mbiziso.ru
ajsj8dj3b373igb.muazpo.ru
ajsj8dj3b373igb.muhvanazi.ru
ajsj8dj3b373igb.naborzi.ru
ajsj8dj3b373igb.novruzpi.ru
ajsj8dj3b373igb.oddzhiso.ru
ajsj8dj3b373igb.omeyrpi.ru
ajsj8dj3b373igb.omranpo.ru
ajsj8dj3b373igb.remmaoso.ru
ajsj8dj3b373igb.spatulapi.ru
ajsj8dj3b373igb.stereotyped.ru
ajsj8dj3b373igb.vilaverde.ru
ajsj8dj3b373igb.vilayatgo.ru
ajsj8dj3b373igb.yorisant.ru
ajsj8dj3b373igb.zaydgo.ru
ajsj8dj3b373igb.zuberipa.ru
allied22.cumbersome.ru
dodot.balticos.ru
dodot.brudimar.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.61/relations

aaa.samiseto.ru
ahhahaha7764648364iu3nkqhrabododot.samiseto.ru
ajsj8dj3b373igb.achilleaso.ru
ajsj8dj3b373igb.alliumso.ru
ajsj8dj3b373igb.andamanos.ru
ajsj8dj3b373igb.dakareypa.ru
ajsj8dj3b373igb.mhotepzi.ru
ajsj8dj3b373igb.squeamish.ru
ajsj8dj3b373igb.wadibo.ru
dodot.andamanos.ru
zzz.samiseto.ru

# Reference: https://twitter.com/Cyber0verload/status/1759884494746653149
# Reference: https://www.virustotal.com/gui/file/606d8dcf2d97b0564a343b0c1aabcced8375aa3549865eb7b4ddec6f3d3460ab/detection

/DRS-PC-414-005/intent.dot

# Reference: https://www.virustotal.com/gui/ip-address/154.223.16.138/relations

286624215.ertiway.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.106/relations

27des.vifpor.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.150/relations

89definition.progerod.ru

# Reference: https://www.virustotal.com/gui/domain/barutipi.ru/relations

100decent.barutipi.ru
10decent.barutipi.ru
13decent.barutipi.ru
2deceived.barutipi.ru
33decent.barutipi.ru
36delicious.barutipi.ru
45deliverance.barutipi.ru
65deer.barutipi.ru
70deliverance.barutipi.ru
71decent.barutipi.ru
78deliverance.barutipi.ru
85decent.barutipi.ru
87deliverance.barutipi.ru
ajsj8dj3b373igb.barutipi.ru
dauk.barutipi.ru

# Reference: https://www.virustotal.com/gui/ip-address/188.166.176.125/relations

getobject29.kontarso.ru
getobject48.kontarso.ru
getobject65.kontarso.ru
getobject88.kontarso.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.209/relations

4destruction.anubisbo.ru
60deeply.aydinpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/159.223.67.132/relations
# Reference: https://www.virustotal.com/gui/file/f8fbc6c82ee775c484ac0d7e8f6b7bed6b674bb94bc56d7de04f51d5ac1863e0/detection
# Reference: https://www.virustotal.com/gui/file/7c9baf333b012f015117957dc2ada1e7c02b7b61cbf448e3d4f0bd23822e246c/detection
# Reference: https://www.virustotal.com/gui/file/5eb1fa3bd82dcc95ac9a99815b2a12007bcd4001c9e27848a72486e0e41315f6/detection
# Reference: https://www.virustotal.com/gui/file/0138cda2ab1ac78f6f6456a1bee82ac7d9ea79f48f5b427c547c935e37f4681a/detection

http://159.223.67.132
100desire.talgatgi.ru
25december.highfalutin.ru
31defiance.materialistic.ru
52deeply.aydinpo.ru
55december.highfalutin.ru
56december.highfalutin.ru
60december.highfalutin.ru
8december.highfalutin.ru
88december.highfalutin.ru
90december.highfalutin.ru
93december.highfalutin.ru
9delicious.talgatgi.ru

# Reference: https://www.virustotal.com/gui/file/f717a8bd0b7d672ef871fbd0f0521d1818bac3695bb3b4d7101774ecee64b6ac/detection
# Reference: https://www.virustotal.com/gui/file/f3b9c8d8b66c4405295c747bbb64e0b213ad743275b0e496664f71302f55681f/detection

http://136.244.118.172
http://194.67.71.128
40desire.talgatgi.ru
7desire.talgatgi.ru
/snitially7/index.html
/snquiries57/index.html
/snfluence61/index.html

# Reference: https://www.virustotal.com/gui/file/7af32deb8b219442b4650976d92111a6de4f026a63ff7c9ce95c440da120ec4a/detection

http://143.198.136.173
http://146.190.128.252
73deliver.ramalla.ru
/sndolent16/index.html
/sndolent2/index.html
/sndolent25/index.html
/sndolent33/index.html
/sndolent47/index.html
/sndolent75/index.html
/sndolent97/index.html
/sntellectual16/index.html

# Reference: https://www.virustotal.com/gui/file/77373e61e1ca19e832d382a67c4b4c86dd329bea92d1c98d1eeca63cd6da88d6/detection

http://78.141.224.44
/sntermediate35/index.html

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.110/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.28/relations

svchost.barap.ru
svchost.muctafa.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.213/relations

909210283.barap.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.60.253.69/relations

balalum.ru
gutad.ru
1085752389.nutaral.ru
1181335614.nutaral.ru
1205741404.nutaral.ru
1258848561.nutaral.ru
1507109041.nutaral.ru
1559094244.nutaral.ru
1560270463.nutaral.ru
1608880371.nutaral.ru
1654490338.nutaral.ru
1715900555.nutaral.ru
1717724953.nutaral.ru
1722166912.nutaral.ru
1729279002.nutaral.ru
1740733354.barap.ru
1765441021.nutaral.ru
193006727.nutaral.ru
1956289815.nutaral.ru
1969601870.barap.ru
1996310385.nutaral.ru
2019525924.nutaral.ru
2027293358.nutaral.ru
2079363957.nutaral.ru
2118150228.barap.ru
23103375.barap.ru
273606569.nutaral.ru
307764112.nutaral.ru
307848341.nutaral.ru
325371821.nutaral.ru
431111191.nutaral.ru
446620886.gutad.ru
60151591.nutaral.ru
848573632.nutaral.ru
dwm.humala.ru
ioctlsvc.balalum.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.191/relations

pisun99.gutad.ru
siroga.pisun99.gutad.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.60.247.64/detection

uhssvc.gutad.ru

# Reference: https://www.virustotal.com/gui/ip-address/137.184.41.171/relations

1001812139.gokols.ru
100215046.gokols.ru
1004156947.gokols.ru
1004717876.gokols.ru
1005965674.gokols.ru
1005986379.gokols.ru
1006140160.gokols.ru
100743407.marak.ru
1009689332.gokols.ru
1010369748.marak.ru
1012962622.lahatas.ru
1016178598.tispai.ru
102584046.marak.ru
1069765304.tispai.ru
1082399739.tispai.ru
1087827688.tispai.ru
1131220835.rieturc.ru
1375844669.tispai.ru
1781706616.gawcq.ru
1935116475.gawcq.ru
94122660.tulocal.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.63.62.213/relations

1998249128.gokols.ru

# Reference: https://www.virustotal.com/gui/ip-address/159.89.114.10/relations

458058409.gokols.ru

# Reference: https://www.virustotal.com/gui/ip-address/165.232.82.161/relations

73908102.gokols.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.42.163.189/relations

ajsj8dj3b373igb.gajasx.ru
ajsj8dj3b373igb.garame.ru
ajsj8dj3b373igb.gawsxc.ru
ajsj8dj3b373igb.gojoxa.ru
ajsj8dj3b373igb.gokols.ru
ajsj8dj3b373igb.golovaq.ru
ajsj8dj3b373igb.golowa.ru

# Reference: https://twitter.com/Cyber0verload/status/1767251734253232266
# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.69/relations

fuandzing.ru
golaf.ru
utarq.ru
workbookee.ru
yokal.ru

# Reference: https://twitter.com/Cyber0verload/status/1767264984252166547
# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.89/relations

1008822253.rieturc.ru
1008954144.rieturc.ru
1015952837.rieturc.ru
1016689769.rieturc.ru
1019797688.rieturc.ru
1026960552.rieturc.ru
1030304612.rieturc.ru
1033101264.rieturc.ru
1046091683.rieturc.ru
1048626545.rieturc.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.108/relations

1161721162.barap.ru
1474683011.hutalim.ru
1613863550.hutalim.ru
1633158.hutalim.ru
1803085722.humahu.ru
2086840259.hutalim.ru
291414466.hutalim.ru
730889749.humahu.ru
896541750.barap.ru
927006519.humahu.ru
dllhost.balalum.ru

# Reference: https://twitter.com/Cyberteam008/status/1767391048173601061
# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.31/relations

sleep83.semikos.ru
test.basamdi.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.235.38/relations

arsxs.ru
diviso.ru
erxx.ru
gerxx.ru
pxfo.ru
pxfox.ru
sisnn.ru
twinxx.ru
wwwlyagorn.ru
xovoox.ru
xoyoul.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.143/relations

bnana.ru
deswe.ru
fxfc.ru
kodkd.ru
lioxu.ru
rerrl.ru
sffll.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.77/relations
# Reference: https://www.virustotal.com/gui/domain/barakapi.ru/relations

ambitious64.osmanpo.ru
claimed13.osmanpo.ru
claimed14.osmanpo.ru
claimed17.osmanpo.ru
claimed24.osmanpo.ru
claimed30.osmanpo.ru
claimed33.osmanpo.ru
claimed35.osmanpo.ru
claimed42.osmanpo.ru
claimed47.osmanpo.ru
claimed48.osmanpo.ru
claimed49.osmanpo.ru
claimed5.osmanpo.ru
claimed59.osmanpo.ru
claimed6.osmanpo.ru
claimed64.osmanpo.ru
claimed68.osmanpo.ru
claimed72.osmanpo.ru
claimed74.osmanpo.ru
claimed78.osmanpo.ru
claimed79.osmanpo.ru
claimed81.osmanpo.ru
claimed88.osmanpo.ru
claimed9.osmanpo.ru
claimed91.osmanpo.ru
claimed93.osmanpo.ru
claimed95.osmanpo.ru
claimed97.osmanpo.ru
clank61.osmanpo.ru
councilman23.barakapi.ru
countless12.barakapi.ru
countless9.barakapi.ru
countless98.barakapi.ru
fake86.osmanpo.ru
necessarily32.barakapi.ru
pressure9.barakapi.ru
relationship91.barakapi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.111/relations

71destroyed.fatuamos.ru
until90.bitorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.185/relations

1455433898.vannos.ru
360306391.tispai.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.23.107.203/relations

1023668180.voscod.ru
137443483.rieturc.ru
2004038261.rieturc.ru
367057137.rieturc.ru
385248506.tispai.ru
401930791.rieturc.ru
671967256.rieturc.ru
896361796.rieturc.ru
961502936.voscod.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.124/relations

1003693694.marak.ru
1012427800.pafamar.ru
1012689759.marak.ru
101688917.marak.ru
1023623417.marak.ru
1024526843.pafamar.ru
1024723993.pafamar.ru
1665137775.tispai.ru
1799186898.gawcq.ru
48deliverance.remmaoso.ru
78deliverance.remmaoso.ru
demostrate.rashidiso.ru
description38.wadibo.ru
each13.nubiumbi.ru
each17.nubiumbi.ru
each80.nubiumbi.ru
prickly9.vloperang.ru
prickly93.vloperang.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1770072182850220150
# Reference: https://www.virustotal.com/gui/file/25790c14bd47393b6470247127b92b749bfd356fc04e8d08b0ac730138c665b4/detection

interest89.velihango.ru
courage.interest89.velihango.ru
/DESKTOP-FVCO5K0/registration/along/along.ac
/DESKTOP-FVCO5K0/registration/along/
/DESKTOP-FVCO5K0/registration/

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.59/relations

1252413315.hutalim.ru
650308199.barap.ru
684733235.yokal.ru
shellexperiencehost.balalum.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.54.114.216/relations

12.ytural.ru
354691003.hutalim.ru
aaaa.ytural.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.217/relations

1768405256.hutalim.ru

# Reference: https://www.virustotal.com/gui/ip-address/95.179.213.122/relations

aloud.protimas.ru
rejoined.hazari.ru
same.protimas.ru

# Reference: https://www.virustotal.com/gui/file/2c750f8716da6d5b55765eaf743bee3d02472bfad891a41b9280d2f7a096485a/detection
# Reference: https://www.virustotal.com/gui/file/bc688a32498864ad02efc96e077bfb73465095dcc4578f0f9270a0da327dc1a0/detection
# Reference: https://www.virustotal.com/gui/file/e92f7ae032794f06483eecc7c0c6b0b022fa5d38b65327867f39e1153efb4b50/detection

shoe.protimas.ru
/DRS-414-004/county.dot

# Reference: https://www.virustotal.com/gui/ip-address/45.63.1.178/relations

3com.protimas.ru
aloud.protimas.ru
class.protimas.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.202.29.99/relations
# Reference: https://www.virustotal.com/gui/file/642809952df08776e37fb91ddba9fc7e1f84c3b6e8e86b7b05ff01332a5a4f0f/detection

aloud.protimas.ru
amongst70.donera.ru
same.protimas.ru
naughty.amongst70.donera.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.141.232/relations

23declare.mardango.ru
56dependent.talgatgi.ru
60denied.talgatgi.ru
94delicious.talgatgi.ru
95den.mardango.ru
96desire.talgatgi.ru
9delusion.ihtiyarbi.ru
decipher28.zaherpa.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.219/relations

40desire.talgatgi.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1773316297373155673
# Reference: https://www.virustotal.com/gui/file/dffbda214a9afe62e66a1565e1339c53f80190b826aef5f35f355e3024e49ec8/detection

family76.mohsenpo.ru
endurance.family76.mohsenpo.ru
/DESKTOP-4O02CJT/naturalist/although/naturalist/souls/interested.acr
/DESKTOP-4O02CJT/naturalist/although/naturalist/souls/
/DESKTOP-4O02CJT/naturalist/although/naturalist/
/DESKTOP-4O02CJT/naturalist/although/
/DESKTOP-4O02CJT/naturalist/

# Reference: https://www.virustotal.com/gui/ip-address/185.247.184.146/relations

1035594229.paranul.ru
1078718408.paranul.ru
1080176389.paranul.ru
1100203655.paranul.ru
1104746699.paranul.ru
1114759060.paranul.ru
1118395194.paranul.ru
112429659.paranul.ru
1171001941.paranul.ru
1205334648.paranul.ru
1227308139.paranul.ru
124554531.paranul.ru
1288179571.hupol.ru
1374368463.paranul.ru
1378433033.hupol.ru
1387916536.hupol.ru
1390982934.paranul.ru
1451326336.paranul.ru
1459884947.hupol.ru
1462712964.paranul.ru
146990631.paranul.ru
1499326032.hupol.ru
1502525330.paranul.ru
1549177186.paranul.ru
1603935016.paranul.ru
1606885514.paranul.ru
1659411205.hupol.ru
1676782804.paranul.ru
1716058335.paranul.ru
1718204997.paranul.ru
171997352.paranul.ru
1735257237.paranul.ru
1744035534.hupol.ru
1754742610.paranul.ru
1815823390.paranul.ru
1832086988.paranul.ru
184497358.paranul.ru
1868056643.paranul.ru
1879843297.paranul.ru
1906601217.paranul.ru
1921110929.paranul.ru
1945709555.paranul.ru
2022344116.paranul.ru
2024252569.paranul.ru
2024811075.paranul.ru
204447180.paranul.ru
2084173726.paranul.ru
2092512094.paranul.ru
2097492455.paranul.ru
2101688379.paranul.ru
2128668115.paranul.ru
31256466.paranul.ru
343832784.paranul.ru
359692375.paranul.ru
371790576.paranul.ru
539340979.paranul.ru
566810685.paranul.ru
600390816.paranul.ru
73202120.paranul.ru
752897097.paranul.ru
75340700.paranul.ru
786154342.paranul.ru
83334650.paranul.ru
837170131.paranul.ru
869744811.paranul.ru
990804804.paranul.ru

# Reference: https://twitter.com/DmitriyMelikov/status/1775247992536039485
# Reference: https://www.virustotal.com/gui/file/e8e5898e27ece32ed62a05b6e7b582d31cd41c41a26ec8ef6915787712f1a7db/detection

/BONDARENKOA/faithful/faithful.dot
/BONDARENKOA/faithful/

# Reference: https://twitter.com/k3yp0d/status/1780843104444039269
# Reference: https://twitter.com/Cyber0verload/status/1781012852251193599
# Reference: https://www.virustotal.com/gui/file/4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4/detection
# Reference: https://www.virustotal.com/gui/file/3af4f017b4923fa35b66cc52db9fa4e03471d7851ff74478ba217d2ad1002d0b/detection
# Reference: https://www.virustotal.com/gui/file/16abb9cfae1f08125e77d858922993fbf86b7bc93552016d3b0159ccc0cb5b09/detection
# Reference: https://www.virustotal.com/gui/file/9342d71938badf26173f194bf4c5b57baf51e65349c6f75b94d75e3b8522ab52/detection

http://194.180.191.34
http://78.40.216.192
http://94.158.247.32

# Reference: https://twitter.com/alex_lanstein/status/1782821471737319712
# Reference: https://github.com/StrikeReady-Inc/research/blob/main/2024-04-23%20Suspected%20Gamaredon/desktop-iqd7qc0.txt

http://194.180.191.31

# Reference: https://twitter.com/Cyber0verload/status/1783562598304092544
# Reference: https://www.virustotal.com/gui/ip-address/147.45.178.223/relations
# Reference: https://www.virustotal.com/gui/ip-address/147.45.178.229/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.86.76.152/relations
# Reference: https://www.virustotal.com/gui/file/09251fe38ebaed5f4dc381ee06c811f5d78e6e65a60f51d6082d72e8772024ff/detection

http://172.86.76.152
accountand.ru
mortumakaab.ru
23destroyer.accountand.ru
39destroyer.accountand.ru
55destroyer.accountand.ru
59deserted.mortumakaab.ru
59destroyer.accountand.ru
71destroyer.accountand.ru
deputy39.accountand.ru
deputy48.accountand.ru
deputy55.accountand.ru
deputy68.accountand.ru
deputy71.accountand.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.45.178.227/relations

deliverance84.artakin.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.45.178.219/relations

departure.invictusto.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.53/relations

eval88.herculeso.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.68.37/relations

11defence.negevbo.ru
14demand.kalaharibo.ru
18deception.fatuamos.ru
28dentist.adiantumso.ru
39desired.barentsot.ru
70departed.eldjip.ru
73demolition.atacamabo.ru
7despite.aquariusso.ru
asc87.acaenaso.ru
chr12.gobibo.ru
chr46.gobibo.ru
chr58.gobibo.ru
chr6.gobibo.ru
chr89.gobibo.ru
close42.sativamos.ru
close56.semikos.ru
close9.sativamos.ru
createobject60.ozaharso.ru
decided61.domestikon.ru
decipher27.tomatron.ru
decoy24.rotosol.ru
defective93.rashidiso.ru
defense45.namibbo.ru
defense56.namibbo.ru
dejected54.geniusto.ru
deletefile48.kemoziripa.ru
deletefile92.kemoziripa.ru
delightful42.humorumbi.ru
demonstration66.wadibo.ru
denial97.wadibo.ru
desert14.auxiliatos.ru
desert91.auxiliatos.ru
deserved94.marimashe.ru
deserves35.okparaso.ru
despair63.malived.ru
despite73.triticumos.ru
destination82.namibbo.ru
destroy64.gitorfa.ru
destruction18.acorusso.ru
dim12.acaenaso.ru
dim14.aestivumos.ru
dim28.nandayo.ru
dim46.acaenaso.ru
dim83.nandayo.ru
dim93.nandayo.ru
do12.acaenaso.ru
do13.acaenaso.ru
do57.fortunatos.ru
do64.fortunatos.ru
do98.acaenaso.ru
each16.iuppitertos.ru
each19.bitorgas.ru
each42.logitrap.ru
each43.bitorgas.ru
each6.iuppitertos.ru
each61.iuppitertos.ru
each67.iuppitertos.ru
each7.iuppitertos.ru
each70.iuppitertos.ru
each71.logitrap.ru
each77.bitorgas.ru
each91.logitrap.ru
each92.bitorgas.ru
each92.iuppitertos.ru
each99.iuppitertos.ru
eval19.squeamish.ru
eval24.herculeso.ru
eval47.herculeso.ru
eval69.squeamish.ru
eval7.squeamish.ru
eval71.herculeso.ru
eval77.squeamish.ru
eval91.herculeso.ru
expandenvironmentstrings22.arabianos.ru
expandenvironmentstrings24.nubiumbi.ru
expandenvironmentstrings26.arabianos.ru
expandenvironmentstrings49.arabianos.ru
expandenvironmentstrings84.arabianos.ru
fileexists16.yorisant.ru
fileexists17.sativamos.ru
fileexists20.sativamos.ru
fileexists33.sativamos.ru
fileexists37.arabianos.ru
fileexists38.arabianos.ru
fileexists38.sativamos.ru
fileexists9.sativamos.ru
fileexists90.sativamos.ru
for27.ozaharso.ru
for53.procellarumbi.ru
for61.geminiso.ru
for83.geminiso.ru
for90.ozaharso.ru
function10.crisiumbi.ru
function15.crisiumbi.ru
function44.arabianos.ru
function65.arabianos.ru
getfile10.nahtizi.ru
getfile14.dakareypa.ru
getfile25.dakareypa.ru
getfile27.dakareypa.ru
getfile43.nahtizi.ru
getfile61.dakareypa.ru
getfile92.nahtizi.ru
getobject15.semikos.ru
getobject40.geminiso.ru
getobject54.semikos.ru
getobject60.semikos.ru
getobject65.geminiso.ru
getobject76.semikos.ru
getobject96.semikos.ru
if12.monitral.ru
if15.indianos.ru
if35.indianos.ru
if52.indianos.ru
if52.monitral.ru
if55.indianos.ru
if56.monitral.ru
if61.acaenaso.ru
if66.monitral.ru
if7.monitral.ru
if78.monitral.ru
if94.acaenaso.ru
if99.acaenaso.ru
len13.fortunatos.ru
len15.nubiumbi.ru
len30.logitrap.ru
len52.logitrap.ru
len61.fortunatos.ru
len73.fortunatos.ru
len95.logitrap.ru
loop11.iuppitertos.ru
loop13.sativamos.ru
loop35.iuppitertos.ru
loop41.sativamos.ru
loop44.sativamos.ru
loop48.iuppitertos.ru
loop56.sativamos.ru
loop60.crisiumbi.ru
loop67.marginisbi.ru
loop74.sativamos.ru
loop79.marginisbi.ru
loop81.marginisbi.ru
mid16.acaenaso.ru
mid39.indianos.ru
mid45.indianos.ru
mid70.arabianos.ru
mid75.indianos.ru
mid99.arabianos.ru
openastextstream18.logitrap.ru
openastextstream18.sativamos.ru
openastextstream28.acaenaso.ru
openastextstream31.acaenaso.ru
openastextstream49.logitrap.ru
openastextstream57.acaenaso.ru
openastextstream69.logitrap.ru
openastextstream79.sativamos.ru
openastextstream93.logitrap.ru
position1.indianos.ru
position42.indianos.ru
position71.procellarumbi.ru
position84.procellarumbi.ru
read10.logitrap.ru
read23.acaenaso.ru
read45.acaenaso.ru
read46.logitrap.ru
read53.logitrap.ru
read69.logitrap.ru
read80.logitrap.ru
read89.logitrap.ru
redim2.saturnec.ru
redim20.acaenaso.ru
redim46.acaenaso.ru
redim51.acaenaso.ru
redim79.acaenaso.ru
redim8.acaenaso.ru
redim89.acaenaso.ru
run15.arabianos.ru
run26.arabianos.ru
run40.logitrap.ru
savetofile4.logitrap.ru
savetofile67.logitrap.ru
send10.dumerilipi.ru
send12.nubiumbi.ru
send16.dumerilipi.ru
send19.squeamish.ru
send23.sativamos.ru
send39.sativamos.ru
send45.arabianos.ru
send6.sativamos.ru
send68.sativamos.ru
send71.nubiumbi.ru
send90.sativamos.ru
send98.arabianos.ru
set2.logitrap.ru
set23.logitrap.ru
set42.bitorgas.ru
set48.logitrap.ru
set50.arabianos.ru
set65.arabianos.ru
set7.geminiso.ru
set75.logitrap.ru
set86.logitrap.ru
set89.logitrap.ru
set99.bitorgas.ru
setrequestheader55.nebtoizi.ru
sleep48.gobibo.ru
then1.drakhalos.ru
then31.drakhalos.ru
then35.drakhalos.ru
then39.drakhalos.ru
then41.dumerilipi.ru
then67.dumerilipi.ru
to12.fortunatos.ru
to25.acaenaso.ru
to41.acaenaso.ru
to50.fortunatos.ru
to63.virgoso.ru
to78.fortunatos.ru
to8.procellarumbi.ru
to83.acaenaso.ru
to92.fortunatos.ru
type22.virgoso.ru
type36.virgoso.ru
type67.acaenaso.ru
type70.acaenaso.ru
type80.acaenaso.ru
type90.acaenaso.ru
until28.dumerilipi.ru
until32.semikos.ru
until40.dumerilipi.ru
until44.venustos.ru
until45.dzhibeydpa.ru
until5.venustos.ru
until77.semikos.ru
until77.venustos.ru
until78.semikos.ru
until90.venustos.ru
visible12.mitralos.ru
visible15.mitralos.ru
visible35.arabianos.ru
visible52.mitralos.ru
visible64.nebtoizi.ru
visible66.arabianos.ru
visible68.nebtoizi.ru
visible74.mitralos.ru
visible82.nebtoizi.ru
visible93.nebtoizi.ru
visible99.mitralos.ru
while13.logitrap.ru
while47.vukongos.ru
while48.drakhalos.ru
while68.procellarumbi.ru
while69.vukongos.ru
while76.procellarumbi.ru
while89.vukongos.ru
while95.vukongos.ru
write54.fortunatos.ru
write58.ozaharso.ru
write65.ozaharso.ru
write99.fortunatos.ru
xor10.acaenaso.ru
xor2.saturnec.ru
xor25.saturnec.ru
xor33.acaenaso.ru
xor58.acaenaso.ru
xor8.mudadazi.ru
xor90.acaenaso.ru
xor93.mudadazi.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.112/relations

17defense.antarcticos.ru
54defy.aytashpo.ru
58decide.aytashpo.ru
71delayed.aytashpo.ru
ajsj8dj3b373igb.negevbo.ru
ally29.royalpo.ru
ally80.royalpo.ru
chr14.lachindo.ru
chr30.lachindo.ru
chr46.lachindo.ru
eval26.herculeso.ru
getobject80.lachindo.ru
getobject95.lachindo.ru
globe48.royalpo.ru
globe55.royalpo.ru
mid59.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.121/relations

eval30.herculeso.ru
eval68.herculeso.ru
openastextstream92.acaenaso.ru
release58.lamentable.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.146/relations
# Reference: https://www.virustotal.com/gui/file/35fa55d2ff474823944ab67941256ff5c50dfb90bc01bab03307acc40a1c49eb/detection

eval37.herculeso.ru
xor37.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.213/relations

eval56.herculeso.ru
per37.valefgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.60.106/relations

95deliberately.aytashpo.ru
chr52.lachindo.ru
eval72.herculeso.ru
getobject33.lachindo.ru
globe42.royalpo.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.218/relations
# Reference: https://www.virustotal.com/gui/file/422718096a13c30c9f8d1249c867e564e3b10abbf488497ac04de930a8ca97a9/detection
# Reference: https://www.virustotal.com/gui/file/2a3780c41fc6d9613f705087114b25e0b0ebd36d0874471301f28b1dc6ce973a/detection

eval90.herculeso.ru
type66.mazhddo.ru

# Reference: https://www.virustotal.com/gui/file/cadeb27ed51c315e357d3b60044bed00005a382a55897616452cf5998b0e4918/detection
# Reference: https://www.virustotal.com/gui/file/07f12607c11dc6bc3ff21432e7778907d16e38a1f877e3a837c890c438b683b9/detection

http://193.228.128.164
/sndoors12/index.html
/sndoors28/index.html
/sndoors29/index.html
/sndoors39/index.html
/sndoors40/index.html
/sndoors52/index.html
/sndoors89/index.html
/sndoors9/index.html
/sndoors98/index.html

# Reference: https://www.virustotal.com/gui/ip-address/147.45.179.23/relations

45departure.barentsot.ru
46departed.eldjip.ru
asc52.acaenaso.ru
balduron.ru
chr21.gobibo.ru
chr54.balduron.ru
do11.acaenaso.ru
eval71.logitrap.ru
fileexists86.sativamos.ru
function57.lovetco.ru
getfile37.nahtizi.ru
getobject25.semikos.ru
if90.monitral.ru
len2.logitrap.ru
len40.logitrap.ru
len80.fortunatos.ru
len81.logitrap.ru
loop15.iuppitertos.ru
loop47.iuppitertos.ru
loop54.lovetco.ru
loop77.sativamos.ru
loop84.balduron.ru
mid39.arabianos.ru
mid60.acaenaso.ru
openastextstream56.lovetco.ru
openastextstream72.lovetco.ru
position32.indianos.ru
position95.indianos.ru
properties_33.bromusmos.ru
read6.acaenaso.ru
read91.acaenaso.ru
redim85.acaenaso.ru
run14.logitrap.ru
run30.lovetco.ru
run43.ozaharso.ru
run9.arabianos.ru
savetofile95.balduron.ru
send20.dumerilipi.ru
send40.dumerilipi.ru
send58.lovetco.ru
send58.sativamos.ru
setrequestheader45.balduron.ru
sleep68.monitral.ru
type17.virgoso.ru
type83.acaenaso.ru
until41.semikos.ru
until73.semikos.ru
visible28.mitralos.ru
visible77.quiapour.ru
visible86.nebtoizi.ru
visible88.balduron.ru
while41.logitrap.ru
write10.ozaharso.ru
write66.ozaharso.ru
write82.ozaharso.ru
write97.ozaharso.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.45.50.112/relations

11desired.barentsot.ru
53desired.barentsot.ru
61dentist.adiantumso.ru
86deception.fatuamos.ru
chr4.gobibo.ru
decipher78.tomatron.ru
deserved32.marimashe.ru
destroy80.gitorfa.ru
dim38.acaenaso.ru
dim47.acaenaso.ru
eval22.squeamish.ru
getfile72.ozaharso.ru
getobject30.semikos.ru
loop9.iuppitertos.ru
redim93.acaenaso.ru
run30.arabianos.ru
run71.arabianos.ru
send63.dumerilipi.ru
send92.sativamos.ru
send94.dumerilipi.ru
sleep25.monitral.ru
to33.acaenaso.ru
type19.acaenaso.ru
type4.virgoso.ru
until96.semikos.ru
visible20.nebtoizi.ru
while76.drakhalos.ru
xor16.saturnec.ru
xor46.acaenaso.ru
xor98.saturnec.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.133.62.68/relations
# Reference: https://www.virustotal.com/gui/file/dcfa6e2ee9d3abad0db0e3091e547e3e6f14392878ab743f1710fa880ea23385/detection
# Reference: https://www.virustotal.com/gui/file/50f5e8f673915508d2add406f1c72de5112a01a1b3fdd41b314029c796a7d754/detection

http://62.133.62.68
loop22.crisiumbi.ru
loop63.crisiumbi.ru
loop88.crisiumbi.ru
send1.nubiumbi.ru
send37.nubiumbi.ru
send97.nubiumbi.ru
while26.procellarumbi.ru
while39.procellarumbi.ru
write29.ozaharso.ru
write51.ozaharso.ru
xor13.acaenaso.ru
xor26.acaenaso.ru

# Reference: https://www.virustotal.com/gui/domain/ozaharso.ru/relations

countless76.ozaharso.ru
createobject91.ozaharso.ru
getfile20.ozaharso.ru
getfile81.ozaharso.ru
if33.ozaharso.ru
if46.ozaharso.ru
if78.ozaharso.ru
if89.ozaharso.ru
if90.ozaharso.ru
openastextstream7.ozaharso.ru
redim42.ozaharso.ru
redim49.ozaharso.ru
redim52.ozaharso.ru
redim74.ozaharso.ru
write38.ozaharso.ru
write81.ozaharso.ru
wscript12.ozaharso.ru
wscript4.ozaharso.ru
wscript47.ozaharso.ru
wscript52.ozaharso.ru
wscript71.ozaharso.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.248/relations

bike61.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.231/relations

ambitious56.osmanpo.ru
ambitious8.osmanpo.ru
claimed41.osmanpo.ru
claimed75.osmanpo.ru
fame47.vloperang.ru
fame58.vloperang.ru
fame7.vloperang.ru
goat74.vloperang.ru
prickly49.vloperang.ru
prickly5.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.32.176.35/relations

ajsj8dj3b373igb.saharabo.ru
ajsj8dj3b373igb.samiseto.ru
ajsj8dj3b373igb.succinct.ru
ajsj8dj3b373igb.tadrogim.ru
ajsj8dj3b373igb.unwieldy.ru
lkjhgfd.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.144/relations

ajsj8dj3b373igb.okparaso.ru
ajsj8dj3b373igb.omariso.ru
rejection29.vloperang.ru

# Reference: https://twitter.com/smica83/status/1790069690280137115
# Reference: https://www.joesandbox.com/analysis/1440738

20defense.accountand.ru
22destroyer.accountand.ru
27destroyer.accountand.ru
42defense.accountand.ru
deputy56.accountand.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.187/relations

9destroyer.accountand.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.45.178.223/relations
# Reference: https://www.virustotal.com/gui/file/0db57979dfc6149bcfbd3fa353aeb6caf311ea9eeecd45df5b542f1ed4f6c4b9/detection

100destroyer.accountand.ru
30destroyer.accountand.ru

# Reference: https://x.com/k3yp0d/status/1791746012974870586
# Reference: https://www.virustotal.com/gui/file/76c594eb55770921d6ffb12fa0e1f5c669f357361d27e1c0f169d78f8069adff/detection

http://45.61.166.37

# Reference: https://www.virustotal.com/gui/ip-address/107.189.24.219/relations

cp2e3c4slgdg63her8qg.credomched.ru
cp2ejlsslgdjafdjatv0.andamanos.ru
cp2ejm4slgdmgekj9qqg.balticos.ru
cp2ejmkslgdl321fdah0.barentsot.ru
cp2f1gkslgdq1qf7brsg.alceaso.ru
cp2f1hkslgdg4l5ltldg.acorusso.ru
cp2fc1sslgdmsc38pq90.marginisbi.ru
cp2ff54slgdngr866a5g.saharabo.ru
cp2g06kslgdla138cr60.dumerilipi.ru
deceived47.gitorfa.ru
deceived54.gitorfa.ru
decipher84.geniusto.ru
dim26.lovetco.ru
dim56.lovetco.ru
dim9.balduron.ru
for2.lovetco.ru
for23.lovetco.ru
for54.lovetco.ru
for55.lovetco.ru
for64.lovetco.ru
for72.lovetco.ru
for86.lovetco.ru
for87.lovetco.ru
for92.lovetco.ru
for97.lovetco.ru
function69.lovetco.ru
function90.lovetco.ru
getfile90.lovetco.ru
getobject75.lovetco.ru
len71.lovetco.ru
loop17.lovetco.ru
loop45.lovetco.ru
loop71.lovetco.ru
loop90.lovetco.ru
loop97.lovetco.ru
openastextstream38.lovetco.ru
openastextstream60.lovetco.ru
properties_29.lovetco.ru
read100.lovetco.ru
read42.lovetco.ru
read44.lovetco.ru
read8.lovetco.ru
responsebody97.lovetco.ru
run38.lovetco.ru
run59.lovetco.ru
run66.lovetco.ru
run75.lovetco.ru
send36.lovetco.ru
send91.balduron.ru
xor39.lovetco.ru
xor50.lovetco.ru
xor62.lovetco.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.104.81/relations

94.crisiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.215/relations

allowing74.judicious.ru
amigosdequedecosasii.nebtoizi.ru
amos.nebtoizi.ru
set21.crisiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.54.122.163/relations

createobject57.ozaharso.ru
setrequestheader66.nebtoizi.ru
visible7.crisiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.106/relations

deployment76.malived.ru
openastextstream75.crisiumbi.ru
read77.crisiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.162.152.124/relations

calclus.ru
18deliver.mortumakaab.ru
69deliver.mortumakaab.ru
cp2dddcslgdtjpio9000.triticumos.ru
cp2e3rcslgdmlk0hmcr0.progerod.ru
cp2g0j4slgdge64tmgig.perccottuspi.ru
cp2g4akslgdusda26ghg.razuiso.ru
dedicate30.calclus.ru
defect6.tomatron.ru
degree31.calclus.ru
destitute8.artakin.ru
destitute93.artakin.ru
dodot.atlanticos.ru
properties_98.logitrap.ru
transparency.nebibizi.ru

# Reference: https://www.virustotal.com/gui/ip-address/107.189.15.131/relations

deer3.calclus.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.139.217/relations

degrade97.artakin.ru
detail81.calclus.ru
dim63.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.76.42/relations

deliberately31.calclus.ru
openastextstream73.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.144.221.36/relations

desired11.artakin.ru
desired39.artakin.ru
write55.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.106.105/relations

visiksa.ru
deck1.calclus.ru
dene71.visiksa.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.33.95.188/relations

mashalled.ru
trunda.ru
derived28.calclus.ru
desire94.trunda.ru
read12.quiapour.ru
read34.quiapour.ru
read53.quiapour.ru
while84.mashalled.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.162.240.192/relations

desolate96.trunda.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.74.117/relations

departments81.trunda.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.77/relations

79despise.ludoida.ru
delete95.voulumonte.ru
deliberately15.trunda.ru
deliberately4.trunda.ru
deliberately80.trunda.ru
despite59.visiksa.ru
dim18.nubiumbi.ru
dim29.nubiumbi.ru
dim33.nubiumbi.ru
dim60.nubiumbi.ru
position60.hordeumos.ru
position71.hordeumos.ru
position96.hordeumos.ru
position99.hordeumos.ru
write13.logitrap.ru
write75.logitrap.ru
write90.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.147/relations

chr71.mashalled.ru
dim71.elvalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.66.3/relations

openastextstream71.mashalled.ru

# Reference: https://www.virustotal.com/gui/ip-address/146.190.129.231/relations

wscript71.mashalled.ru

# Reference: https://www.virustotal.com/gui/ip-address/157.230.236.221/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.86.64.234/relations

responsebody10.mashalled.ru
responsebody11.mashalled.ru
responsebody17.mashalled.ru
responsebody2.mashalled.ru
responsebody27.mashalled.ru
responsebody37.mashalled.ru
responsebody42.mashalled.ru
responsebody48.mashalled.ru
responsebody5.mashalled.ru
responsebody64.mashalled.ru
responsebody88.mashalled.ru
responsebody91.mashalled.ru
responsebody92.mashalled.ru
responsebody99.mashalled.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.232.216.215/relations

dene44.visiksa.ru
dene69.visiksa.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.156.212/relations

dene2.visiksa.ru
dene59.visiksa.ru
dene79.visiksa.ru
write98.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.139.221/relations

responsebody29.mashalled.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.124/relations

for71.kolontra.ru
rejection32.absorbeni.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.185/relations

faithful21.absorbeni.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.68.81/relations

aluran.ru
deliberate.ludoida.ru
deploy26.marimashe.ru
des34.trunda.ru
properties_45.arabianos.ru
visible116.aluran.ru
visible144.aluran.ru
visible276.aluran.ru
visible298.aluran.ru
visible73.aluran.ru
visible81.aluran.ru
visible9.aluran.ru
write297.aluran.ru
write502.aluran.ru
write554.aluran.ru

# Reference: https://www.virustotal.com/gui/ip-address/143.110.151.153/relations

loop5343.aluran.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.153.8/relations

mitrala.ru
send44.mitrala.ru

# Reference: https://www.virustotal.com/gui/ip-address/152.42.243.228/relations
# Reference: https://www.virustotal.com/gui/file/e1f7f401bdb00cc775e0f957bb37b4e654596aa8324ec9dd8085d317939d6a3a/detection

http://147.45.51.18
visible78.mitrala.ru
visible82.mitrala.ru
/josie31/jaws.fff

# Reference: https://www.virustotal.com/gui/ip-address/77.83.246.106/relations

dim71.mitrala.ru
expandenvironmentstrings71.mitrala.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.118.132.119/relations

loop19.crisiumbi.ru
loop38.crisiumbi.ru
loop4.crisiumbi.ru
loop57.crisiumbi.ru
loop77.crisiumbi.ru
read11.acaenaso.ru
read24.acaenaso.ru
read41.acaenaso.ru
read44.acaenaso.ru
read64.acaenaso.ru
read98.acaenaso.ru
redim17.acaenaso.ru
redim2.acaenaso.ru
redim33.acaenaso.ru
redim78.acaenaso.ru
rudim71.mitrala.ru
while100.procellarumbi.ru
while30.procellarumbi.ru
while36.procellarumbi.ru
while41.procellarumbi.ru
while69.procellarumbi.ru
while97.procellarumbi.ru
mitrala.rudim71.mitrala.ru
dim71.mitrala.rudim71.mitrala.ru

# Reference: https://www.virustotal.com/gui/ip-address/128.199.18.59/relations

decent.derived.fishardo.ru
preview100.sand.nonima.ru

# Reference: https://www.virustotal.com/gui/ip-address/161.35.154.219/relations

describe.defence.fishardo.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.81/relations

openastextstream95.aethionemaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.123.6/relations

redim21.aethionemaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/157.230.46.179/relations

then35.aethionemaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.202.93.82/relations

intelligence66.machiwo.ru
ntelligence66.machiwo.ru
observationally.bortogat.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.198/relations

65deception.fatuamos.ru
79deception.fatuamos.ru
ajsj8dj3b373igb.acaenaso.ru
ajsj8dj3b373igb.agastanpo.ru
ajsj8dj3b373igb.aktanpo.ru
ajsj8dj3b373igb.aktaypo.ru
ajsj8dj3b373igb.alceaso.ru
ajsj8dj3b373igb.azizibo.ru
ajsj8dj3b373igb.enokida.ru
dodot.trulazek.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.21/relations

40denied.progerod.ru
57desert.trulazek.ru
74deposit.fortunyzo.ru
89deposit.fortunyzo.ru
savetofile14.fortunatos.ru
savetofile69.fortunatos.ru
savetofile8.fortunatos.ru
while92.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.114/relations

76defiant.trulazek.ru

# Reference: https://www.virustotal.com/gui/ip-address/195.133.88.110/relations

78defiant.trulazek.ru
between38.zahidgo.ru
each62.nubiumbi.ru
clamour.between38.zahidgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.237/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.142/relations
# Reference: https://www.virustotal.com/gui/file/f23a5a3e235f5b900c762bc0a7eba1c4d7742b5c6101df733282417187efb051/detection
# Reference: https://www.virustotal.com/gui/file/04c9ad747aaaad6e72a29268ed142a766b57fb578b2552c38d16202a502f9441/detection

http://159.89.205.135
159.89.205.135:443
35deposit.fortunyzo.ru
40deposit.fortunyzo.ru
52deposit.fortunyzo.ru
95desert.trulazek.ru
close53.reforto.ru
/snteresting17/index.html
/snteresting26/index.html
/snteresting30/index.html
/snteresting37/index.html
/snteresting55/index.html
/snteresting56/index.html
/snteresting66/index.html
/snteresting69/index.html
/snteresting70/index.html
/snteresting78/index.html
/snteresting8/index.html
/snteresting96/index.html
/snteresting97/index.html

# Reference: https://www.virustotal.com/gui/ip-address/172.104.42.42/relations

98deception.ludoida.ru
run31.arabianos.ru
run90.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.135/relations

48despite.ludoida.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.54.80.252/relations

demand54.ludoida.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.238.121/relations

90deep.ludoida.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.120/relations

85department.ludoida.ru
setrequestheader27.balduron.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.124.8/relations

deputy.ludoida.ru

# Reference: https://www.virustotal.com/gui/domain/arabianos.ru/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.212/relations

asc1.arabianos.ru
deletefile11.arabianos.ru
deletefile82.arabianos.ru
dim34.arabianos.ru
doswvset65.arabianos.ru
function78.arabianos.ru
funtion23.arabianos.ru
loop11.arabianos.ru
loop2.arabianos.ru
run18.arabianos.ru
run28.arabianos.ru
run31.arabianos.ru
run75.arabianos.ru
run90.arabianos.ru
visible1.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.192/relations

pretence11.raidla.ru
prickly13.vloperang.ru
prickly15.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.77.139/relations

useroobebroker.utarq.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.232.50.64/relations

amdrssrcext.utarq.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.153/relations

chrome.utarq.ru

# Reference: https://www.virustotal.com/gui/ip-address/38.54.115.148/relations

conhost.utarq.ru
lsass.utarq.ru
ravbg64.utarq.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.32.176.234/relations

fontdrvhost.utarq.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.32.176.230/relations

comppkgsrv.utarq.ru

# Reference: https://blog.strikeready.com/blog/armageddon-is-more-than-a-grammy-nominated-album/

http://185.225.19.13
http://185.225.19.69
http://194.180.191.41
http://194.180.191.72
/c.18.06
/c.19.06
/fes.17.04
/gm.03.05
/gps.19.04
/moh.17.04
/mou.15.04
/od.04.06
/odd.15.04
/odes.24.04
/ods.06.06
/omr.11.06
/pr.11.04
/pr.18.04
/prob.18.04
/sb.15.04
/siz.19.04
/sukr.19.04
/zaliz.23.04

# Reference: https://www.virustotal.com/gui/ip-address/107.189.24.109/relations

conservatis.ru
hotun.ru
replacemend.ru
skilan.ru
wukongo.ru
75defeated.fatuamos.ru
82defeated.fatuamos.ru
close73.drakhalos.ru
createobject73.conservatis.ru
defect66.auxiliatos.ru
defend42.gitorfa.ru
descended22.allohad.ru
dim14.lovetco.ru
dim43.balduron.ru
expandenvironmentstrings76.balduron.ru
fileexists67.sativamos.ru
for31.wukongo.ru
for4.geminiso.ru
for44.lovetco.ru
for47.balduron.ru
function11.lovetco.ru
getfile26.replacemend.ru
getfile66.lovetco.ru
getfile99.replacemend.ru
mid55.balduron.ru
openastextstream82.drakhalos.ru
position12.hotun.ru
position44.conservatis.ru
read44.skilan.ru
read45.drakhalos.ru
responsebody52.hotun.ru
run33.balduron.ru
run55.lovetco.ru
send96.balduron.ru
then21.balduron.ru
to13.balduron.ru
until12.balduron.ru
visible24.wukongo.ru
write11.balduron.ru
xor22.balduron.ru
xor68.lovetco.ru
xor77.drakhalos.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.234.216.29/relations

defect43.auxiliatos.ru
departments96.columbaso.ru
dim88.acaenaso.ru
fileexists47.sativamos.ru
fileexists70.sativamos.ru
for5.wukongo.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.76.180/relations

safjfgetobject27.geminiso.ru

# Reference: https://www.virustotal.com/gui/ip-address/173.230.137.216/relations

close11.drakhalos.ru
close54.drakhalos.ru
createobject71.conservatis.ru
decree14.artakin.ru
decree20.artakin.ru
degrade70.artakin.ru
dense89.rotosol.ru
dense95.rotosol.ru
dim30.balduron.ru
dim93.drakhalos.ru
for76.balduron.ru
for91.balduron.ru
mid13.drakhalos.ru
mid38.drakhalos.ru
mid60.balduron.ru
mid98.balduron.ru
openastextstream29.drakhalos.ru
read14.drakhalos.ru
read50.drakhalos.ru
run36.balduron.ru
run71.balduron.ru
send44.balduron.ru
send92.balduron.ru
then37.balduron.ru
to60.balduron.ru
to92.balduron.ru
until16.balduron.ru
until97.balduron.ru
visible76.wukongo.ru
write14.balduron.ru
write82.balduron.ru
xor25.drakhalos.ru
xor30.balduron.ru
xor84.drakhalos.ru
xor86.balduron.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.156.102.40/relations

integral96.malikdo.ru
lucky.integral96.malikdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.226/relations

chr11.balduron.ru
loop32.iuppitertos.ru
until62.dumerilipi.ru

# Reference: https://www.virustotal.com/gui/domain/balduron.ru/relations

chr34.balduron.ru
chr93.balduron.ru
deletefile14.balduron.ru
deletefile31.balduron.ru
deletefile62.balduron.ru
deletefile7.balduron.ru
each10.balduron.ru
each71.balduron.ru
getobject67.balduron.ru
header59.balduron.ru
loop21.balduron.ru
savetofile13.balduron.ru
savetofile41.balduron.ru
savetofile88.balduron.ru
savetofile99.balduron.ru
setrequestheader16.balduron.ru
setrequestheader33.balduron.ru
setrequestheader47.balduron.ru
setrequestheader60.balduron.ru
setrequestheader94.balduron.ru
setrequestheader95.balduron.ru
write52.balduron.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.42.112.130/relations
# Reference: https://www.virustotal.com/gui/file/f5d0ef0d57cab5325aced25487ddd0fd54d9fb030808c9b2d727b1e22736874f/detection

chr1.nubiumbi.ru
set10.marginisbi.ru
set46.marginisbi.ru
set75.marginisbi.ru
set85.marginisbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/217.78.239.100/detection

62decision.orientalebi.ru
expandenvironmentstrings71.nubiumbi.ru
wscript69.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/file/e3e9183c12bdeee3ee88a68ddd7564501e2a0c20bd54000f68fd932b474dfd42/detection

http://141.98.234.134
http://62.133.62.31
/inventory17/index.html
/inventory60/index.html
/inventory84/index.html

# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.189/relations
# Reference: https://www.virustotal.com/gui/file/418c9669abfd6764aa0140a840b43ca355883f47bef2d55b3abcda5b50bf9b9e/detection

each85.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.143/relations

savetofile9.nubiumbi.ru
send73.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.95.232.188/detection

bible99.agaronbi.ru
delicate84.aytyurkpo.ru
interference62.danizho.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.228.128.95/relations

29defect.remmaoso.ru
loop59.dumerilipi.ru
position44.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.106/relations

loop6.dumerilipi.ru
position99.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.150/relations

rejoice2.gochagdo.ru
visible77.nubiumbi.ru
price.rejoice2.gochagdo.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.59.242.71/relations
# Reference: https://www.virustotal.com/gui/ip-address/144.172.113.53/relations
# Reference: https://www.virustotal.com/gui/file/bf9e17da3cfb5747dd41d4ba37ee2e3ebbb1fe16a7ebbc19d76da0302bf08e42/detection
# Reference: https://www.virustotal.com/gui/file/a303fc5a05fc9c7ac3c40a6882e325663f015331697a0d726547bbad43823ccc/detection

http://144.172.113.53
openastextstream29.replacemend.ru
openastextstream54.replacemend.ru
openastextstream78.replacemend.ru
/jet579/jackal.ega
/jet705/jackal.ega

# Reference: https://www.virustotal.com/gui/ip-address/38.54.79.240/relations

deceive13.acorusso.ru
defiant.rotosol.ru
read9.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.105.94.134/relations

enqdpdo54.acaenaso.ru
wooblclose87.nubiumbi.ru
xrduxto4.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.151.90/relations

pwxqhuntil80.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.73/relations

properties.29.lovetco.ru
xdkhbclose43.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.113.57/relations

28.nubiumbi.ru
29.lovetco.ru
33.bromusmos.ru
54.logitrap.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.59.118.51/relations

cwibyposition9.ozaharso.ru
lcaklclose86.nubiumbi.ru
pqgrcset11.nubiumbi.ru
xhvorresponsebody89.nubiumbi.ru
ygmaiasc90.ozaharso.ru
yskbkwhile39.logitrap.ru
zpldiopenastextstream28.acaenaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/212.18.104.108/relations

ajsj8dj3b373igb.nubiumbi.ru
performance68.boskatrem.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.138/relations

34delay.aytashpo.ru
claimed27.osmanpo.ru
claimed37.osmanpo.ru
claimed40.osmanpo.ru
claimed8.osmanpo.ru
claimed90.osmanpo.ru
faithfully52.omariso.ru
globe5.royalpo.ru
read16.acaenaso.ru
send67.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.61/relations

chr92.nubiumbi.ru
dependant56.acorusso.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.147/relations

ajsj8dj3b373igb.galofad.ru
ajsj8dj3b373igb.gustavas.ru
ajsj8dj3b373igb.gutaram.ru
ajsj8dj3b373igb.gutarax.ru
ajsj8dj3b373igb.hanotip.ru
ajsj8dj3b373igb.haramad.ru
ajsj8dj3b373igb.haramq.ru
ajsj8dj3b373igb.havxcq.ru
ajsj8dj3b373igb.homovos.ru
ajsj8dj3b373igb.honota.ru
asc56.nubiumbi.ru
getfile76.dakareypa.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.136/relations

random.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.196/relations

fileexists81.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/157.245.86.40/relations

each75.nubiumbi.ru
len73.nubiumbi.ru
position62.nubiumbi.ru
write100.aethionemaso.ru
write2.aethionemaso.ru
write23.aethionemaso.ru
write25.aethionemaso.ru
write28.aethionemaso.ru
write29.aethionemaso.ru
write30.aethionemaso.ru
write37.aethionemaso.ru
write42.aethionemaso.ru
write47.aethionemaso.ru
write53.aethionemaso.ru
write54.aethionemaso.ru
write58.aethionemaso.ru
write6.aethionemaso.ru
write63.aethionemaso.ru
write65.aethionemaso.ru
write68.aethionemaso.ru
write77.aethionemaso.ru
write80.aethionemaso.ru
write82.aethionemaso.ru
write87.aethionemaso.ru
write88.aethionemaso.ru
write92.aethionemaso.ru
write99.aethionemaso.ru

# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.129/relations

12degree.atacamabo.ru
delirium.kaigitang.ru
delirium52.kaigitang.ru
delirium72.kaigitang.ru
delirium91.kaigitang.ru
each46.nubiumbi.ru
if73.procellarumbi.ru
position57.nubiumbi.ru
prickly11.vloperang.ru
prickly28.vloperang.ru
rejection100.ayarimar.ru
rejection40.ayarimar.ru
rejection51.ayarimar.ru
rejection57.ayarimar.ru
rejection67.ayarimar.ru
sleep32.suizibel.ru
sleep55.suizibel.ru
sleep90.suizibel.ru

# Reference: https://www.virustotal.com/gui/ip-address/92.118.112.111/relations

11defect.mansurdo.ru
between3.zahidgo.ru
clamour.between3.zahidgo.ru
position88.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.140/relations

position20.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/46.29.234.125/relations

42deliverance.remmaoso.ru
position89.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/89.185.84.181/relations

position18.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.161.251.243/relations

send81.nubiumbi.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.22/relations

1039528016.nutaral.ru
475280190.nutaral.ru
765416804.nutaral.ru
ksde.humala.ru

# Reference: https://x.com/fmc_nan/status/1809149829903450606
# Reference: https://www.virustotal.com/gui/file/6d47ce1660eb54a31e7870b170605f9641ec97d756fb865f3a5e357649dc2041/detection

compute-ec2-aws.com
file.compute-ec2-aws.com
files.compute-ec2-aws.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.128.74/relations

32departed.eldjip.ru
63do.vitorog.ru
72do.vitorog.ru
73position.vitorog.ru
close94.drakhalos.ru
decree83.artakin.ru
degrade29.artakin.ru
deliverance26.artakin.ru
detail19.calclus.ru
dim65.drakhalos.ru
dim80.lovetco.ru
dim88.aestivumos.ru
eval19.fortunatos.ru
eval75.fortunatos.ru
fileexists100.virgoso.ru
fileexists14.virgoso.ru
fileexists30.virgoso.ru
fileexists40.virgoso.ru
fileexists69.virgoso.ru
fileexists74.virgoso.ru
for6.lovetco.ru
for95.balduron.ru
getfile70.lovetco.ru
getobject27.semikos.ru
getobject48.semikos.ru
getobject87.semikos.ru
len1.logitrap.ru
len3.logitrap.ru
len31.logitrap.ru
len4.logitrap.ru
len6.logitrap.ru
len63.logitrap.ru
len85.logitrap.ru
mid39.balduron.ru
mid69.balduron.ru
mid87.drakhalos.ru
mid88.indianos.ru
openastextstream28.drakhalos.ru
position71.conservatis.ru
read9.drakhalos.ru
run24.balduron.ru
run70.lovetco.ru
send23.balduron.ru
then36.balduron.ru
to50.balduron.ru
until52.semikos.ru
until59.balduron.ru
until76.semikos.ru
until79.semikos.ru
visible20.wukongo.ru
visible40.quiapour.ru
write23.balduron.ru
xor6.balduron.ru
xor67.drakhalos.ru
xor73.lovetco.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.59.120.122/relations

decrepit31.erroton.ru
decrepit84.erroton.ru
deliverance8.calclus.ru
depart44.erroton.ru
depart69.erroton.ru
depart71.erroton.ru
descended71.calclus.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.128.74/relations

32departed.eldjip.ru
63do.vitorog.ru
72do.vitorog.ru
73position.vitorog.ru
close94.drakhalos.ru
decree83.artakin.ru
degrade29.artakin.ru
deliverance26.artakin.ru
detail19.calclus.ru
dim65.drakhalos.ru
dim80.lovetco.ru
dim88.aestivumos.ru
eval19.fortunatos.ru
eval75.fortunatos.ru
fileexists100.virgoso.ru
fileexists14.virgoso.ru
fileexists30.virgoso.ru
fileexists40.virgoso.ru
fileexists69.virgoso.ru
fileexists74.virgoso.ru
for6.lovetco.ru
for95.balduron.ru
getfile70.lovetco.ru
getobject27.semikos.ru
getobject48.semikos.ru
getobject87.semikos.ru
len1.logitrap.ru
len3.logitrap.ru
len31.logitrap.ru
len4.logitrap.ru
len6.logitrap.ru
len63.logitrap.ru
len85.logitrap.ru
mid39.balduron.ru
mid69.balduron.ru
mid87.drakhalos.ru
mid88.indianos.ru
openastextstream28.drakhalos.ru
position71.conservatis.ru
read9.drakhalos.ru
run24.balduron.ru
run70.lovetco.ru
send23.balduron.ru
then36.balduron.ru
to50.balduron.ru
until52.semikos.ru
until59.balduron.ru
until76.semikos.ru
until79.semikos.ru
visible20.wukongo.ru
visible40.quiapour.ru
write23.balduron.ru
xor6.balduron.ru
xor67.drakhalos.ru
xor73.lovetco.ru

# Reference: https://x.com/smica83/status/1810107397660172528
# Reference: https://www.virustotal.com/gui/file/56921f89c747387aed20dc42aa31d4fa1abc11ac43a09d45db1ffa3663839335/detection

/DESKTOP-P5BRFLE/count/bidding/count/necessary/count.mc6
/DESKTOP-P5BRFLE/count/bidding/count/necessary/
/DESKTOP-P5BRFLE/count/bidding/count/
/DESKTOP-P5BRFLE/count/bidding/
/DESKTOP-P5BRFLE/count/

# Reference: https://www.virustotal.com/gui/file/032fbc5e0f7d65d7cc104840bc4dea70b02b8429e2229b982eb3868dbbb68afa/detection

/DESKTOP-VNT7BLJ/naturalists.dot

# Reference: https://www.virustotal.com/gui/domain/accountand.ru/relations

12defense.accountand.ru
18defense.accountand.ru
28defense.accountand.ru
33defense.accountand.ru
36defense.accountand.ru
50defense.accountand.ru
51defense.accountand.ru
53defense.accountand.ru
60defense.accountand.ru
62departments.accountand.ru
92deep.accountand.ru
delivered53.accountand.ru
deputy11.accountand.ru
deputy23.accountand.ru
deputy92.accountand.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.68.115/relations

hitorova.ru
deed75.hitorova.ru
deed8.hitorova.ru
properties_14.arabianos.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.137/relations

1000000109.pasamart.ru
1001012353.wicksl.ru
1001583341.wicksl.ru
1002834610.kurapat.ru
1003576324.kurapat.ru
1004073294.kurapat.ru
1009365463.kurapat.ru
1011776044.kurapat.ru
1012736449.kurapat.ru
1021427931.kurapat.ru
1022168637.kurapat.ru
1023453840.kurapat.ru
1026617543.kurapat.ru
103106186.kurapat.ru
1032902523.kurapat.ru
1039092098.kurapat.ru
104053539.kurapat.ru
1045982143.kurapat.ru
105958193.kurapat.ru
1070155795.kurapat.ru
1075957063.kurapat.ru
1076140845.kurapat.ru
1078613316.kurapat.ru
1087849762.kurapat.ru
778451924.lopasts.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.153.242.68/relations

frastron.ru
33dim.vitorog.ru
delete28.frastron.ru
openastextstream4590.koloprast.ru
setrequestheader6668.billonda.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.139.233/relations

declare61.hitorova.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.232.249.52/relations

deed57.hitorova.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.195.208.61/relations

deed71.hitorova.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.165.119/relations

denial23.hitorova.ru

# Reference: https://x.com/StrikeReadyLabs/status/1813838790848335999
# Reference: https://www.virustotal.com/gui/file/1b5c9f8eb0efce40e474a62a3751dd021748001257abee0627f1993e575675f6/detection

http://5.181.159.32

# Reference: https://x.com/k3yp0d/status/1816234059686895671
# Reference: https://www.virustotal.com/gui/file/2f1f97df7745433eb31f35f2192810b975cb248a07919d857c9c66592fa10319/detection

http://38.54.29.118

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.39/relations

close83.sativamos.ru

# Reference: https://www.virustotal.com/gui/ip-address/194.87.216.148/relations

properties_71.bromusmos.ru
send71.sativamos.ru

# Reference: https://www.virustotal.com/gui/ip-address/31.129.22.105/relations

properties_1.sativamos.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.228.67/relations

properties_40.sativamos.ru

# Reference: https://www.virustotal.com/gui/ip-address/81.19.140.134/relations

785663.pasas.ru
write76.sativamos.ru

# Reference: https://www.virustotal.com/gui/domain/fatuamos.ru/relations

46dessert.fatuamos.ru
4defeated.fatuamos.ru
53deeper.fatuamos.ru
61des.fatuamos.ru
6defeated.fatuamos.ru
73defeated.fatuamos.ru
75deception.fatuamos.ru
80deception.fatuamos.ru
80defeated.fatuamos.ru
8despite.fatuamos.ru
96defeated.fatuamos.ru
dessert.fatuamos.ru

# Reference: https://x.com/k3yp0d/status/1818585024964202592
# Reference: https://www.virustotal.com/gui/file/8738e268d69225b9328f62299724200f97a8df2248c5be57d4cb817a30fe6944/detection
# Reference: https://www.virustotal.com/gui/file/a73b7971b383d5fa25a28b6083fcdbb689ab206d1d41706013860827333d66c5/detection

http://38.60.162.246

# Reference: https://x.com/dimitribest/status/1818755229480894821
# Reference: https://www.virustotal.com/gui/ip-address/141.98.234.161/relations

bulam.ru
fanac.ru
galow.ru
molug.ru
polif.ru
turap.ru
cz.turap.ru
de.turap.ru
en.turap.ru
es.turap.ru
fr.turap.ru
lv.turap.ru
1686335412.bulam.ru
ajsj8dj3b373igb.barrimor.ru
ajsj8dj3b373igb.weratas.ru
calc.bulam.ru
igcc.winservice.hulom.ru
jusched.fanac.ru
oneapp.igcc.winservice.hulom.ru
powershell.bulam.ru
rdrcef.bulam.ru
securityhealthsystray.turap.ru
tenders.turap.ru
uz.turap.ru
winservice.hulom.ru

# Reference: https://securityintelligence.com/x-force/hive0051-all-in-triple-threat/

http://167.99.104.97
http://5.252.178.181
http://62.133.62.118
http://62.133.62.120
206.189.188.38:443
5.252.178.181:9511

# Reference: https://x.com/k3yp0d/status/1818969726023803200
# Reference: https://www.virustotal.com/gui/file/69bae0f344659364c516e46823413b65a687b5848dc598ae2d031f7bc222b742/detection
# Reference: https://www.virustotal.com/gui/file/e02c68cbeaf62bd2d4f558492197db7c9239cd6df30a7806e3a2f4903d071858/detection
# Reference: https://www.virustotal.com/gui/file/cf5676fe29481a1afcd98dc2d137f5cc341874cd01587d738ff980ff9cbb67b3/detection

http://194.31.175.217
http://45.82.15.221
http://94.198.221.21

# Reference: https://x.com/Cyber0verload/status/1821111514092200027
# Reference: https://www.virustotal.com/gui/file/625f4147abcad7ff8b08540bf21abb6119c02e862dda6f1e6a9bfc8ac59143b4/detection
# Reference: https://www.virustotal.com/gui/file/cd8316cf3641a38054aff9d8b419dd31dfe5bb18aba7838aadddb36cf6c4e8b4/detection

benjamin-unnecessary-mot-configured.trycloudflare.com
benjamin-unnecessary-mothers-configured.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1821918941993976276
# Reference: https://www.virustotal.com/gui/file/bec05802abb6bb5068092983510d1ee0cc7252c2c3c9ab8bf4947c34341eb854/detection

http://5.39.254.55
/sp_08.08/days.rtf

# Reference: https://x.com/k3yp0d/status/1822564707426857381
# Reference: https://www.virustotal.com/gui/file/9aae626a3a592233b92c3193479f08137712cecd29abefa91a2f4384357e335c/detection
# Reference: https://www.virustotal.com/gui/file/1aa20988d40eb654e7cc05235a9946047f0d0eb82c498ab46a947121a814cbfb/detection
# Reference: https://www.virustotal.com/gui/file/bfa206b1e86db2514668a082fa85b9d7b0505a0ad3a0af9c96cfcd824aaf8803/detection

http://206.189.84.252
soap-messaging-binding-previously.trycloudflare.com

# Reference: https://x.com/fmc_nan/status/1818111015911133302
# Reference: https://www.virustotal.com/gui/file/0256f2edbef52119be053adb9e115b13e183a5a4d01049354f7e730a4e9924f1/detection
# Reference: https://www.virustotal.com/gui/file/76731409c4a97f0b1660bc3b64cd07f11b8bc8011d3d010215765f4e6f4006e7/detection
# Reference: https://www.virustotal.com/gui/file/85da19f9a4a6a4c21854c90aeb49d01618c5940798a1bad8c58155473ffb29d6/detection

efficiency-ww-hospitality-jesus.trycloudflare.com

# Reference: https://x.com/DmitriyMelikov/status/1822924659332948341
# Reference: https://www.virustotal.com/gui/file/03ebc4abc7ee8bbdc17e694b83e6294840281c7d0bc8aa86ab786e5389923b44/detection

allegiance26.agasypo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.82.13.101/relations

alley53.ibragimo.ru
amends48.librao.ru
alley100.ibragimo.ru
alley53.ibragimo.ru
lower.alley100.ibragimo.ru
lower.alley53.ibragimo.ru
navigation.amends48.librao.ru
penholder43.agasypo.ru
prickly18.vloperang.ru
prickly94.vloperang.ru

# Reference: https://www.virustotal.com/gui/ip-address/85.159.229.53/relations

deserves1.apispi.ru
deserves100.apispi.ru
deserves13.apispi.ru
deserves15.apispi.ru
deserves17.apispi.ru
deserves30.apispi.ru
deserves31.apispi.ru
deserves33.apispi.ru
deserves34.apispi.ru
deserves37.apispi.ru
deserves38.apispi.ru
deserves41.apispi.ru
deserves44.apispi.ru
deserves5.apispi.ru
deserves54.apispi.ru
deserves64.apispi.ru
deserves65.apispi.ru
deserves69.apispi.ru
deserves72.apispi.ru
deserves85.apispi.ru
deserves97.apispi.ru
desk.rasimla.ru
despair83.apispi.ru
emv1.apispi.ru
service.apispi.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.207.11/relations

100deed.rasimla.ru
100defence.rasimla.ru
100defensive.rasimla.ru
100degrade.rasimla.ru
100desk.rasimla.ru
10decency.rasimla.ru
10deed.rasimla.ru
10defy.rasimla.ru
10departed.avedisbi.ru
10destruction.rasimla.ru
10detach.rasimla.ru
11defence.rasimla.ru
11defined.rasimla.ru
11definite.rasimla.ru
11den.avedisbi.ru
11dense.rasimla.ru
11departed.avedisbi.ru
11deserve.rasimla.ru
12decent.rasimla.ru
12decided.rasimla.ru
12deed.rasimla.ru
12dependant.avedisbi.ru
14dependant.avedisbi.ru
16departed.avedisbi.ru
16dependant.avedisbi.ru
18dependant.avedisbi.ru
19den.avedisbi.ru
21den.avedisbi.ru
22den.avedisbi.ru
22dependant.avedisbi.ru
24dependant.avedisbi.ru
25dependant.avedisbi.ru
26den.avedisbi.ru
27dependant.avedisbi.ru
28departed.avedisbi.ru
32departed.avedisbi.ru
33deeper.avedisbi.ru
36dependant.avedisbi.ru
37den.avedisbi.ru
38departed.avedisbi.ru
46delight.overjoyed.ru
4derived.fortunyzo.ru
66derived.fortunyzo.ru
aa.amazaspgi.ru
abandonments.kiang.ru
abandons.kiang.ru
abanic.kiang.ru
abaptiston.kiang.ru
abaris.kiang.ru
abarthrosis.kiang.ru
abas.kiang.ru
abase.kiang.ru
abased.kiang.ru
abasedness.kiang.ru
abasement.kiang.ru
abasements.kiang.ru
abaser.kiang.ru
abases.kiang.ru
abasgi.kiang.ru
abash.kiang.ru
abashed.kiang.ru
abashedly.kiang.ru
abashes.kiang.ru
abaxile.kiang.ru
abayas.kiang.ru
abaze.kiang.ru
abbreviature.amazaspgi.ru
abc.amazaspgi.ru
abcoulombs.amazaspgi.ru
abdal.amazaspgi.ru
abderite.amazaspgi.ru
abdicates.amazaspgi.ru
abdominocystic.amazaspgi.ru
abdominogenital.amazaspgi.ru
abdominoposterior.amazaspgi.ru
abdominoscopy.amazaspgi.ru
abdominovaginal.amazaspgi.ru
abductees.amazaspgi.ru
abduction.amazaspgi.ru
abductions.amazaspgi.ru
abductor.amazaspgi.ru
altogether12.ogtaypi.ru
asc.textuso.ru
chr.textuso.ru
close.textuso.ru
do.textuso.ru
eval.textuso.ru
faithful99.ogtaypi.ru
for.textuso.ru
if.textuso.ru
responsebody.textuso.ru
run.textuso.ru
setrequestheader1.goruspa.ru
setrequestheader18.goruspa.ru
setrequestheader24.goruspa.ru
setrequestheader54.goruspa.ru
setrequestheader60.goruspa.ru
setrequestheader90.goruspa.ru
setrequestheader91.goruspa.ru
until.textuso.ru

# Reference: https://x.com/DarkAtlasSquad/status/1799153979844182488
# Reference: https://www.virustotal.com/gui/file/268061a244d56a5347ae66364f6a1cf6ab5654d19086fae6d5607b95d8fc793c/detection
# Reference: https://www.virustotal.com/gui/file/1ec58003c6b7625935976bdfdf7d4a11228a57b32ce1eeece68a1ab48536bbc0/detection
# Reference: https://www.virustotal.com/gui/file/87895c06986f77d1ef102724763404cd50b2804c4d0ebd7d2d7b593e3563be90/detection

http://194.180.191.15

# Reference: https://x.com/StrikeReadyLabs/status/1824518468399468569
# Reference: https://www.virustotal.com/gui/file/ed52d97e91feab18fdde5492773bebda0937b461f06728f58b09e482d45f3e43/detection
# Reference: https://www.virustotal.com/gui/file/ccd2302d234ffdd85edd8ee7167c016ded23b1d0ec0e08418d3e9e65cc2779de/detection
# Reference: https://www.virustotal.com/gui/file/33c771421d1ce6e6e48d80d888bbc93523e0548a0ba2d1a10db371a954846b2a/detection
# Reference: https://www.virustotal.com/gui/file/338385969f5ed8f8459aa00e11625085b4271cb118d47b92d59a9c27eddb1a7e/detection

http://178.130.42.94
amsterdam-sheet-veteran-aka.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1828153531183816951
# Reference: https://www.virustotal.com/gui/file/fbeff47b70a2423e553a174fb001415cca3e954e62c5fa11fe1148843119effe/detection
# Reference: https://www.virustotal.com/gui/file/e11ada70cfe968e7bf36a7d03b4236658fe66f1483ca00238ec29cc5db2cdcd1/detection
# Reference: https://www.virustotal.com/gui/file/4aa97fcbe03d54126bddf5ab482f7959a0e0ae5b43bc3a354f79da3670c3c19d/detection
# Reference: https://www.virustotal.com/gui/file/16755a2692683f6e9ba5d415f4cba3a408b18918280433bd2ef2ee45f2430d96/detection
# Reference: https://www.virustotal.com/gui/file/1301e7f40eac56ed015483678ab248df141e3adeeb844d806fcefe3c6737b264/detection
# Reference: https://www.virustotal.com/gui/file/03f1bc60db394c011dafd397d49e3c534c99dca80fbbbb9c1bb160356d7cd91e/detection

else-accommodation-allowing-throws.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1828407745067835445
# Reference: https://www.virustotal.com/gui/file/2d5482e29eb82caebbb19315c0f3f0eee20a9847f31d0ace2ed7307f2062e769/detection
# Reference: https://www.virustotal.com/gui/file/6fb69140fa38a951b8e421a89a2631f93b4d618bc8abfb1685301934ad73127f/detection

wilderness-activists-gazette-purse.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1828420545483812954

loguna.ru

# Reference: https://x.com/fr0s7_/status/1828790152933843173
# Reference: https://www.virustotal.com/gui/file/f220d4423c4867f800ad711e4846f55d3b19a0018c8badad82383162a285d00e/detection

cables-define-pets-contamination.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/86059de4155450f0492349ceaebd47e26e63477b994511e6c9ae6a450f733a8f/detection

jurisdiction-xhtml-peace-surrey.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/9d2994797a22bb3dcd47c9af71a7eae731853b17db78ef0b7706d416812b13f6/detection

skins-charlotte-personals-ie.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/a9ccacced29c90d597a6f3cc610d2c947f8ac96a51d1df0d02eefb7fad4e7100/detection

mind-apple-slightly-twiki.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d42a15ef4b103c0123ba5e1cdb7ea602475a2a8164adcc71ab32519b65ada7f6/detection

infected-gc-rhythm-yu.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d42a15ef4b103c0123ba5e1cdb7ea602475a2a8164adcc71ab32519b65ada7f6/detection

longitude-powerpoint-geek-upgrade.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/45.153.243.106/relations

dejected57.erroton.ru
denial12.artakin.ru
deposit20.artakin.ru

# Reference: https://cyble.com/blog/gamaredons-spear-phishing-assault-on-ukraines-military/

australian-prepared-derek-hands.trycloudflare.com
axxribute-homework-generator-lovers.trycloudflare.com
bush-worcester-houses-statements.trycloudflare.com
charter-blond-desired-promptly.trycloudflare.com
cod-identification-imported-carl.trycloudflare.com
expertise-sir-designs-columbus.trycloudflare.com
molecular-throw-process-dealtime.trycloudflare.com
newbie-housewives-poxxer-trailers.trycloudflare.com
nobody-principal-long-un.trycloudflare.com
strange-hunger-appeared-res.trycloudflare.com
sunrise-massive-joseph-commodities.trycloudflare.com
tracked-radar-ni.trycloudflare.com
wp-acm-configuration-fm.trycloudflare.com

# Reference: https://x.com/fr0s7_/status/1833486689953558594
# Reference: https://www.joesandbox.com/analysis/1508735#iocs
# Reference: https://www.virustotal.com/gui/file/1634e7321d71bcd726183006dfaea071aa38ff31d53d794866e2df6da55611c3/detection

http://50.116.27.201
burriton.ru
11dim.burriton.ru
71asc.burriton.ru
71createobject.burriton.ru
71dim.burriton.ru
71do.burriton.ru
71each.burriton.ru
71expandenvironmentstrings.burriton.ru
71fileexists.burriton.ru
71getobject.burriton.ru
71len.burriton.ru
71openastextstream.burriton.ru
71position.burriton.ru
71responsebody.burriton.ru
71send.burriton.ru
71type.burriton.ru
71until.burriton.ru
71visible.burriton.ru
do23.burriton.ru
expandenvironmentstrings100.burriton.ru
type39.burriton.ru
while55.burriton.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.108.97/relations

send67.wukongo.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.68.235/relations
# Reference: https://www.virustotal.com/gui/file/24e5e1b13c11dcd83f12f0e96cddbd64e315bc503471ecdd57d3f28b8f3d0d35/detection
# Reference: https://www.virustotal.com/gui/file/96de39864adac591ebb7be1c7e93f152006e69183e412b6381eff94dc0b4f870/detection
# Reference: https://www.virustotal.com/gui/file/e80185ce8b2e219602434713bbad6924342c607579121d8c5022a1daa03feb3d/detection

http://172.86.68.235
babaskan.ru
cazav.ru
kvasimmo.ru
mirtogra.ru
mopotran.ru
rotoslav.ru
tomatong.ru
victortes.ru
10getfile.mirtogra.ru
10sleep.mopotran.ru
10visible.mopotran.ru
10while.babaskan.ru
10wscript.mirtogra.ru
11dim.burriton.ru
33deletefile.victortes.ru
55setrequestheader.babaskan.ru
71deletefile.victortes.ru
71each.babaskan.ru
71fileexists.babaskan.ru
71for.babaskan.ru
71openastextstream.victortes.ru
71read.babaskan.ru
71redim.babaskan.ru
71to.babaskan.ru
75openastextstream.victortes.ru
deny10.frastron.ru
eval.babaskan.ru
for10.burriton.ru
ger.cazav.ru
len11.tomatong.ru
loop75.rotoslav.ru
read10.burriton.ru
redim10.tomatong.ru
savetofile11.kvasimmo.ru
type11.kvasimmo.ru
while55.burriton.ru
xor10.burriton.ru

# Reference: https://www.virustotal.com/gui/ip-address/167.88.169.167/relations

kiloprot.ru
71for.kiloprot.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.147.18/relations

71eval.kiloprot.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.132.204/relations

71function.kiloprot.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.111.104/relations

71setrequestheader.babaskan.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.234.34.85/relations

kipasos.ru
soportas.ru
71while.soportas.ru
asc71.kipasos.ru
getfile71.rotoslav.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.232.134.142/relations

huyesosi21.rotoslav.ru
huyesosi78.rotoslav.ru
fsb.huyesosi21.rotoslav.ru
fsb.huyesosi78.rotoslav.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.100.244/relations

45while.soportas.ru
asc88.kipasos.ru

# Reference: https://www.virustotal.com/gui/ip-address/167.88.171.80/relations
# Reference: https://www.virustotal.com/gui/ip-address/167.88.171.81/relations

dim71.kipasos.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.154.175/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.86.76.23/relations

38loop.soportas.ru
6loop.soportas.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.232.216.181/relations

71properties.soportas.ru
71properties_.soportas.ru
deliverance81.artakin.ru
deliverance96.artakin.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.157.16/relations

71chr.mopotran.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.106.243/relations

71close.mopotran.ru
send71.tomatong.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.132.199/relations

71if.mopotran.ru
setrequestheader6668.billonda.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.74.95/relations

71mid.mopotran.ru
write29.bitorgas.ru
write6.bitorgas.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.67.145/relations

71responsebody.mopotran.ru
function54.lovetco.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.142/relations

71visible.mopotran.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.109.77/relations

bistorgo.ru
koloprast.ru
71getobject.bistorgo.ru
run2469.koloprast.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.74.103/relations

71sleep.bistorgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.74.41/relations

71deletefile.bistorgo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.59.112.30/relations

grozur.ru
91decline.grozur.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.110.33/relations

podriks.ru
52decline.grozur.ru
while116.podriks.ru

# Reference: https://www.virustotal.com/gui/ip-address/167.88.173.250/relations

leorius.ru
87delusion.grozur.ru
setrequestheader43.leorius.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.155.120/relations

8decline.grozur.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.124.189/relations

66properties_.leorius.ru
95decrepit.grozur.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.155.90/relations

31chr.leorius.ru
63chr.leorius.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.141.107/relations

67chr.leorius.ru
77chr.leorius.ru

# Reference: https://x.com/fuyinglab/status/1834536019296694316
# Reference: https://www.virustotal.com/gui/file/56439db8dad8fa4baf6f9ba0f7143c5be2f2e0f22f585c273eb0da961604546a/detection

faith48.legolaba.ru
salts.faith48.legolaba.ru
/USER-ПК/perceived.accdw
/USER-%D0%9F%D0%9A/perceived.accdw

# Reference: https://www.virustotal.com/gui/ip-address/77.232.42.117/relations

rus.cazav.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.158.142/relations

defense78.frastron.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.149.37/relations

milotran.ru
53declare.milotran.ru
send12.drakhalos.ru
send53.drakhalos.ru

# Reference: https://x.com/StrikeReadyLabs/status/1836490890388607266
# Reference: https://www.virustotal.com/gui/file/108064179c58909bde4df41eda5540b65c6aaa8c75db7b6af38746124ad80d21/detection

voip-apartments-clicks-briefly.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.153.116/relations

practicas.ru
while1015.podriks.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.39/relations

while1805.podriks.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.143.20/relations

botrovis.ru
continiym.ru
fartodti.ru
huskino.ru
ostracise.ru
shazar.ru
65getobject.bistorgo.ru
88while.vitorog.ru
asc82.visiksat.ru
chr66.mashalled.ru
createobject75.mitrala.ru
decorate48.visiksa.ru
deliverance1.artakin.ru
deliverance57.artakin.ru
dim55.botrovis.ru
eval54.mashalled.ru
expandenvironmentstrings71.shazar.ru
for75.geminiso.ru
function2325.fartodti.ru
function67.ostracise.ru
getfile66.drakhalos.ru
if56.fortunatos.ru
if75.monitral.ru
if78.fortunatos.ru
openastextstream54.mashalled.ru
position1568.huskino.ru
position71.elvalos.ru
send75.mashalled.ru
set54.mashalled.ru
setrequestheader71.balduron.ru
type82.visiksat.ru
visible29.mitralos.ru
visible71.mitrala.ru
while22.continiym.ru
while75.mashalled.ru
while88.mashalled.ru
wscript75.mashalled.ru
xor75.aluran.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.134.25/relations

for71.fartodti.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.134.78/relations

33function.vitorog.ru
44position.vitorog.ru
71setrequestheader.soprorotos.ru
81dim.vitorog.ru
each22.ostracise.ru
for34.continiym.ru
position21.ostracise.ru
send32.continiym.ru
set66.botrovis.ru
while71.continiym.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.76.117/relations

71function.vitorog.ru
dim71.botrovis.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.234.27.8/relations

run1111.huskino.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.77.106/relations

dim71.huskino.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.110.37/relations

setrequestheader79.ostracise.ru

# Reference: https://x.com/StrikeReadyLabs/status/1839362410836316267
# Reference: https://www.virustotal.com/gui/file/f64698a6d2616c2115c1aeb8650e342f1f61a5d5504e3ca5ba6b374402a4a578/detection

respected-configuring-barbados-failing.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/016895b96c61cf1e3ee7ac35f99f86366186b0366d36eb9cd1b14736bdcb647d/detection

founder-hd-syndication-cross.trycloudflare.com

# Reference: https://x.com/StrikeReadyLabs/status/1841837360503296217
# Reference: https://www.virustotal.com/gui/file/24e06aaef6a7853abb7bb366655c850501b33ffe01351fee8c6ac0bce98518af/detection

pike-fw-decorative-herb.trycloudflare.com

# Reference: https://x.com/StrikeReadyLabs/status/1844074310161322039
# Reference: https://raw.githubusercontent.com/StrikeReady-Inc/samples/refs/heads/main/2024-10-09%20gamaredon%20new%20lnk/urls.txt

http://167.88.168.210
barbara-beliefs-sk-deny.trycloudflare.com
condo-ethiopia-giants-del.trycloudflare.com
dealer-dans-told-words.trycloudflare.com
deny-webshots-hudson-verbal.trycloudflare.com
meal-organization-villages-oops.trycloudflare.com
painful-pam-noise-operating.trycloudflare.com
reliability-queensland-successfully-contracting.trycloudflare.com
tom-quest-theta-master.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/144.172.76.65/relations

71fileexists.babaskan.ru

# Reference: https://x.com/StrikeReadyLabs/status/1846328593229733959
# Reference: https://www.virustotal.com/gui/file/5cceaa7da4fad7bae4e676922b0a99c55c3839755b5d8040981f42326ac47951/detection

wound-sets-walked-servers.trycloudflare.com
/oda/delightIAg/shockheR.epub

# Reference: https://x.com/malwrhunterteam/status/1846653841921474696
# Reference: https://www.virustotal.com/gui/file/a7d4ebad66c6dbe0a0d74d1e093bfdda79c90480614719dd3f2368960e95321f/detection
# Reference: https://www.virustotal.com/gui/file/660d1802bb0320097a09e43010346b4767767293ed31bb8c1ec6a2a14efc8997/detection

cope-amounts-quiz-lewis.trycloudflare.com
/sus/growth/barbara.epub
/sus/refreshment/quit.epub

# Reference: https://x.com/StrikeReadyLabs/status/1847265540840022245
# Reference: https://www.virustotal.com/gui/file/421e4cdc2ed56137dfd4876bb8f360b9def400d3ba50d1c12785ecfa79ba14ed/detection

corner-compiled-connect-acceptance.trycloudflare.com
len-visible-do.trycloudflare.com
write-close-wscript.trycloudflare.com
/SsU/postalU3B/angryalu.epub

# Reference: https://www.virustotal.com/gui/ip-address/104.194.134.81/relations

40decorate.ludoida.ru
61decorate.ludoida.ru
71mid.burriton.ru
deliverance37.artakin.ru
deliverance78.artakin.ru
deliverance80.artakin.ru
send71.continiym.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.135.47/relations

71eval.burriton.ru
deliverance4.artakin.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.147.86/relations

fahrakin.ru
feorant.ru
golfaris.ru
monkyking.ru
notoros.ru
regotras.ru
retrop.ru
rotosa.ru
secretah.ru
sifiro.ru
siphorov.ru
tarapost.ru
virobas.ru
100destroyed.vifpor.ru
14decoy.accountand.ru
15decoy.accountand.ru
15mid.victortes.ru
16mid.victortes.ru
1mid.tarapost.ru
22decoy.accountand.ru
23decimal.eldjip.ru
26des.ludoida.ru
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.victortes.ru
32defender.vifpor.ru
32desolate.ludoida.ru
33departure.accountand.ru
40mid.tarapost.ru
42deceptive.eldjip.ru
50decay.ludoida.ru
53destroyed.vifpor.ru
55deceptive.eldjip.ru
57departure.accountand.ru
59departure.accountand.ru
59destroyed.vifpor.ru
5deceptive.eldjip.ru
5mid.tarapost.ru
60departure.accountand.ru
60mid.tarapost.ru
63mid.tarapost.ru
64decoy.vifpor.ru
67des.ludoida.ru
67destroyed.vifpor.ru
69deceptive.eldjip.ru
6deception.ludoida.ru
71loop.mopotran.ru
71redim.mopotran.ru
71run.mopotran.ru
71sleep.mopotran.ru
72decide.milotran.ru
73deceptive.eldjip.ru
74departure.accountand.ru
75destroyed.vifpor.ru
77run.soportas.ru
79404067c69baddb2dd1344005794720.aluran.ru
80decimal.eldjip.ru
82des.ludoida.ru
85deception.ludoida.ru
86mid.tarapost.ru
88dentist.ludoida.ru
88destroyed.vifpor.ru
93destroyed.vifpor.ru
97mid.tarapost.ru
9destroyed.vifpor.ru
a7748b75fee0f04f890d0ab30735f5a0.monkyking.ru
asc2449.koloprast.ru
asc6686.koloprast.ru
asc73.lovetco.ru
b1651ec657aa605dcfba1b347a8953b0.artakin.ru
bc02ea93cb6ba20ae124cbff0cecd045.balduron.ru
createobject100.drakhalos.ru
createobject29.drakhalos.ru
debts17.trunda.ru
debts5.artakin.ru
deceived1.artakin.ru
deceived18.nododru.ru
deceived36.nododru.ru
deceived42.nododru.ru
deceived62.calclus.ru
deceived9.calclus.ru
deceptive20.regotras.ru
deceptive30.secretah.ru
deceptive35.regotras.ru
deceptive7.regotras.ru
decide25.frastron.ru
decidedly86.hitorova.ru
decimal15.calclus.ru
decimal5.visiksa.ru
decision10.siphorov.ru
decision100.golfaris.ru
decision16.siphorov.ru
decision18.golfaris.ru
decision23.siphorov.ru
decision29.golfaris.ru
decision54.siphorov.ru
decision65.golfaris.ru
decision7.siphorov.ru
decision72.siphorov.ru
decision98.golfaris.ru
decisive76.frastron.ru
deck44.golfaris.ru
deck63.golfaris.ru
deck71.golfaris.ru
deck81.frastron.ru
declaration16.monkyking.ru
declaration25.monkyking.ru
declaration46.monkyking.ru
declaration60.monkyking.ru
declaration81.monkyking.ru
declaration88.monkyking.ru
declaration94.monkyking.ru
declare10.calclus.ru
declare46.calclus.ru
declared93.visiksa.ru
decline11.calclus.ru
decline86.calclus.ru
declined92.frastron.ru
decorate82.artakin.ru
decree61.golfaris.ru
decree92.artakin.ru
decrepit9.calclus.ru
dedicate1.sifiro.ru
dedicate39.monkyking.ru
dedicate53.sifiro.ru
dedicate54.erroton.ru
dedicate77.sifiro.ru
deed46.frastron.ru
deed69.frastron.ru
deeper21.rotosa.ru
deeper57.rotosa.ru
default50.hitorova.ru
default78.regotras.ru
defeat10.visiksa.ru
defeat100.regotras.ru
defeat12.visiksa.ru
defeat28.regotras.ru
defeat66.regotras.ru
defeat75.regotras.ru
defeat86.regotras.ru
defeat87.regotras.ru
defeat88.visiksa.ru
defect27.frastron.ru
defect50.fahrakin.ru
defect55.frastron.ru
defect79.frastron.ru
defect90.frastron.ru
defective40.rotosa.ru
defective43.rotosa.ru
defective74.rotosa.ru
defective80.rotosa.ru
defence2.sifiro.ru
defend46.monkyking.ru
defender25.secretah.ru
defender94.secretah.ru
defense18.frastron.ru
defense2.frastron.ru
defense57.regotras.ru
defensive51.frastron.ru
defensive60.frastron.ru
defiance90.rotosa.ru
defined24.hitorova.ru
defined27.hitorova.ru
defined32.hitorova.ru
defined59.hitorova.ru
defined75.hitorova.ru
defined77.hitorova.ru
definite84.tomatron.ru
definitely42.rotosa.ru
definition39.artakin.ru
definition69.artakin.ru
defy66.calclus.ru
defy90.calclus.ru
degrade49.sifiro.ru
degree16.sifiro.ru
degree24.sifiro.ru
degree86.frastron.ru
deity19.golfaris.ru
deity94.rotosa.ru
delayed100.siphorov.ru
delayed13.artakin.ru
delayed28.siphorov.ru
delayed58.siphorov.ru
deliberate35.hitorova.ru
deliberate65.calclus.ru
deliberate73.calclus.ru
deliberate78.calclus.ru
delicacy33.calclus.ru
delicate36.hitorova.ru
delicate38.hitorova.ru
delicate55.hitorova.ru
delicate85.hitorova.ru
delicate96.hitorova.ru
delicate97.hitorova.ru
delicious30.regotras.ru
delicious44.regotras.ru
delicious6.regotras.ru
delight35.artakin.ru
delight51.secretah.ru
delight71.golfaris.ru
delighted40.virobas.ru
delighted44.virobas.ru
delighted58.fahrakin.ru
delighted7.fahrakin.ru
delighted7.virobas.ru
delighted74.virobas.ru
delighted8.virobas.ru
delighted81.virobas.ru
delighted86.virobas.ru
delighted87.fahrakin.ru
delighted98.virobas.ru
delightful10.golfaris.ru
delightful45.golfaris.ru
delirium100.siphorov.ru
delirium15.rotosa.ru
delirium32.rotosa.ru
delirium39.rotosa.ru
delirium75.siphorov.ru
delirium77.feorant.ru
delirium89.rotosa.ru
deliverance46.artakin.ru
deliverance54.artakin.ru
deliverance58.artakin.ru
deliverance70.artakin.ru
deliverance76.artakin.ru
deliverance87.artakin.ru
deliverance96.sifiro.ru
delivery61.rotosa.ru
delivery78.rotosa.ru
deluge95.monkyking.ru
delusion53.siphorov.ru
delve16.monkyking.ru
delve20.monkyking.ru
delve30.monkyking.ru
delve37.golfaris.ru
delve38.monkyking.ru
delve4.frastron.ru
delve95.monkyking.ru
demand15.secretah.ru
demand56.secretah.ru
demand70.secretah.ru
demanded10.calclus.ru
demanded16.calclus.ru
demanded17.artakin.ru
demanded20.calclus.ru
demanded24.artakin.ru
demanded4.calclus.ru
demanded46.calclus.ru
demanded61.secretah.ru
demanded87.artakin.ru
demonstration92.hitorova.ru
den10.regotras.ru
den55.sifiro.ru
den61.regotras.ru
den70.sifiro.ru
denial22.notoros.ru
denial36.secretah.ru
denial42.notoros.ru
denial5.sifiro.ru
denial58.notoros.ru
denial65.notoros.ru
denial72.sifiro.ru
denial78.notoros.ru
denial82.notoros.ru
denial85.secretah.ru
denial90.notoros.ru
dense2.rotosa.ru
dense80.rotosa.ru
deny17.visiksa.ru
deny33.visiksa.ru
depart84.siphorov.ru
departed67.monkyking.ru
departed67.sifiro.ru
departed76.sifiro.ru
departments3.hitorova.ru
depend37.regotras.ru
depend42.regotras.ru
depend43.regotras.ru
depend49.regotras.ru
dependant47.hitorova.ru
depended100.frastron.ru
depended11.calclus.ru
depended13.frastron.ru
depended21.frastron.ru
depended28.calclus.ru
depended47.calclus.ru
depended53.frastron.ru
depended61.calclus.ru
depended62.frastron.ru
depended75.frastron.ru
depended79.frastron.ru
depended82.frastron.ru
depended96.frastron.ru
deplore10.artakin.ru
deplore34.artakin.ru
deplore38.artakin.ru
deplore6.artakin.ru
deplore65.regotras.ru
deplore68.monkyking.ru
deplore7.artakin.ru
deplore7.calclus.ru
deploy35.golfaris.ru
deploy59.golfaris.ru
deploy62.frastron.ru
deploy67.frastron.ru
deploy7.sifiro.ru
deployment80.artakin.ru
deposit30.artakin.ru
depths1.feorant.ru
depths10.feorant.ru
depths12.feorant.ru
depths14.feorant.ru
depths15.feorant.ru
depths18.feorant.ru
depths22.feorant.ru
depths28.feorant.ru
depths30.feorant.ru
depths4.feorant.ru
depths51.feorant.ru
depths66.feorant.ru
depths73.feorant.ru
depths76.feorant.ru
depths77.feorant.ru
depths8.feorant.ru
depths81.feorant.ru
depths94.feorant.ru
depths95.feorant.ru
deputy53.calclus.ru
deputy70.calclus.ru
deputy91.artakin.ru
derived19.siphorov.ru
derived51.siphorov.ru
derived8.siphorov.ru
des92.golfaris.ru
descend11.rotosa.ru
descendant20.regotras.ru
descended39.frastron.ru
descended83.golfaris.ru
descent43.visiksa.ru
descent92.frastron.ru
describe48.sifiro.ru
describe88.siphorov.ru
description63.tomatron.ru
description84.tomatron.ru
desert10.regotras.ru
desert35.regotras.ru
desert44.regotras.ru
desert60.frastron.ru
desert76.frastron.ru
deserted97.artakin.ru
deserter16.frastron.ru
deserter4.notoros.ru
deserter92.frastron.ru
deserter93.frastron.ru
deserved17.calclus.ru
deserved2.calclus.ru
deserved73.tomatron.ru
deserves100.golfaris.ru
deserves12.golfaris.ru
deserves28.golfaris.ru
deserves38.hitorova.ru
deserves44.golfaris.ru
deserves56.hitorova.ru
deserves61.trunda.ru
deserves63.hitorova.ru
deserves7.golfaris.ru
deserves75.golfaris.ru
deserves91.golfaris.ru
deserves93.rotosa.ru
design81.regotras.ru
designed2.sifiro.ru
designed42.sifiro.ru
designed45.artakin.ru
designed97.sifiro.ru
designer3.sifiro.ru
designer34.virobas.ru
designer61.sifiro.ru
designer86.regotras.ru
designs40.golfaris.ru
designs61.golfaris.ru
designs7.golfaris.ru
desirable100.calclus.ru
desirable3.calclus.ru
desirable47.calclus.ru
desirable50.calclus.ru
desirable53.calclus.ru
desirable56.sifiro.ru
desirable70.calclus.ru
desirable81.frastron.ru
desirable91.frastron.ru
desirable99.calclus.ru
desire14.golfaris.ru
desire15.virobas.ru
desire46.hitorova.ru
desire75.virobas.ru
desired35.frastron.ru
desk33.regotras.ru
desk8.rotosa.ru
desk89.secretah.ru
desolate20.tomatron.ru
desolate46.frastron.ru
desolate56.tomatron.ru
desolate6.tomatron.ru
desolate61.tomatron.ru
desolate69.tomatron.ru
desolate70.tomatron.ru
desperate15.calclus.ru
desperate28.calclus.ru
desperate39.calclus.ru
desperate43.calclus.ru
desperate47.calclus.ru
desperate57.calclus.ru
desperate65.calclus.ru
desperate92.calclus.ru
desperately42.secretah.ru
desperately5.secretah.ru
desperately70.secretah.ru
desperately75.secretah.ru
desperately89.secretah.ru
despise12.visiksa.ru
despise39.frastron.ru
despise71.frastron.ru
despite38.artakin.ru
despite89.siphorov.ru
destitute20.visiksa.ru
destitute51.visiksa.ru
destitute7.visiksa.ru
destroyed27.regotras.ru
destroyed3.regotras.ru
destroyed47.monkyking.ru
destroyed53.regotras.ru
destroyed69.regotras.ru
destroyer26.hitorova.ru
destroyer67.hitorova.ru
destruction10.artakin.ru
destruction33.monkyking.ru
destruction99.regotras.ru
detached15.rotosa.ru
detached18.rotosa.ru
detached30.rotosa.ru
detached44.rotosa.ru
detached45.rotosa.ru
detached49.rotosa.ru
detached57.rotosa.ru
detached63.rotosa.ru
detached68.rotosa.ru
detached81.rotosa.ru
detachment27.artakin.ru
detail13.frastron.ru
detail22.frastron.ru
detail46.sifiro.ru
detail55.sifiro.ru
detail87.frastron.ru
dim2.replacemend.ru
dim33.replacemend.ru
dim39.replacemend.ru
dim418.koloprast.ru
dim44.replacemend.ru
dim63.replacemend.ru
dim77.replacemend.ru
dim84.replacemend.ru
dim93.replacemend.ru
each26.mashalled.ru
each79.mashalled.ru
etcdg63do.vitorog.ru
eval1352.billonda.ru
eval1579.billonda.ru
eval3712.billonda.ru
eval485.billonda.ru
expandenvironmentstrings37.nandayo.ru
expandenvironmentstrings72.nandayo.ru
feff88919a74ffb359052811ce9cea3e.visiksa.ru
function23.replacemend.ru
function55.replacemend.ru
function83.replacemend.ru
getfile16.replacemend.ru
getfile55.replacemend.ru
getfile6.replacemend.ru
getfile63.replacemend.ru
getfile71.replacemend.ru
getfile77.replacemend.ru
getfile84.replacemend.ru
getobject2.replacemend.ru
getobject21.replacemend.ru
getobject37.replacemend.ru
getobject49.replacemend.ru
getobject54.replacemend.ru
getobject76.replacemend.ru
getobject84.vukongos.ru
loop16.mitrala.ru
loop2.mitrala.ru
loop27.mitrala.ru
loop28.mitrala.ru
loop41.mitrala.ru
loop44.mitrala.ru
loop46.mitrala.ru
loop58.mitrala.ru
loop59.mitrala.ru
loop7.mitrala.ru
loop75.mitrala.ru
loop85.mitrala.ru
loop89.mitrala.ru
loop9.mitrala.ru
loop99.nandayo.ru
mail.retrop.ru
mid1683.aluran.ru
mid1733.aluran.ru
mid2792.aluran.ru
mid42.mashalled.ru
mid4592.aluran.ru
mid54.mashalled.ru
mid5588.aluran.ru
mid5729.aluran.ru
mid582.aluran.ru
mid666.aluran.ru
mid92.mashalled.ru
mid99.mashalled.ru
openastextstream3.nandayo.ru
openastextstream79.mashalled.ru
openastextstream8.mashalled.ru
openastextstream93.mashalled.ru
privacy.calclus.ru
qunbmrmbjbg.ludoida.ru
random.victortes.ru
read6271.koloprast.ru
redim286.koloprast.ru
redim2971.koloprast.ru
redim3930.koloprast.ru
redim4850.koloprast.ru
run1161.fartodti.ru
run13.mitrala.ru
run16.mitrala.ru
run2149.koloprast.ru
run2826.koloprast.ru
run30.mitrala.ru
run3072.koloprast.ru
run320.koloprast.ru
run3230.fartodti.ru
run3736.fartodti.ru
run6881.fartodti.ru
run7533.fartodti.ru
run88.mitrala.ru
run90.mitrala.ru
sangbvisible9.aluran.ru
send22.mashalled.ru
send92.mashalled.ru
send99.mashalled.ru
set1508.aluran.ru
set2.replacemend.ru
set2061.aluran.ru
set2193.aluran.ru
set23.replacemend.ru
set2593.aluran.ru
set27.replacemend.ru
set2878.aluran.ru
set304.aluran.ru
set33.replacemend.ru
set35.replacemend.ru
set3635.aluran.ru
set4139.aluran.ru
set4265.aluran.ru
set4449.aluran.ru
set47.replacemend.ru
set5288.aluran.ru
set5392.aluran.ru
set54.replacemend.ru
set55.replacemend.ru
set59.replacemend.ru
set692.aluran.ru
set77.replacemend.ru
set83.replacemend.ru
set93.replacemend.ru
setrequestheader5288.billonda.ru
setrequestheader903.billonda.ru
sleep11.replacemend.ru
sleep12.lovetco.ru
sleep22.lovetco.ru
sleep25.replacemend.ru
sleep2649.aluran.ru
sleep2757.aluran.ru
sleep31.lovetco.ru
sleep4.lovetco.ru
sleep4311.aluran.ru
sleep45.replacemend.ru
sleep5.lovetco.ru
sleep50.lovetco.ru
sleep51.replacemend.ru
sleep5159.aluran.ru
sleep54.lovetco.ru
sleep60.replacemend.ru
sleep68.replacemend.ru
sleep7131.aluran.ru
sleep73.vukongos.ru
sleep75.lovetco.ru

# Reference: https://x.com/k3yp0d/status/1847907661297119653
# Reference: https://www.virustotal.com/gui/file/b3774a90a032cfb5be6cb12f0f4d8aee55d1452c1bbbbb18a056f34cdb89af1b/detection

think-crash-shows-circus.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.154.243/relations

deceptive100.secretah.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.74.118/relations

deceptive97.secretah.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.142.61/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.10.19.128/relations

delay59.secretah.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.150.26/relations

hoportin.ru
muchkino.ru
rondario.ru
038422dd0aa7bc54f58f64956b4d8724.hitorova.ru
17decline.accountand.ru
24decide.milotran.ru
24departure.accountand.ru
26mid.tarapost.ru
28deceptive.eldjip.ru
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.bistorgo.ru
37mid.tarapost.ru
43destroyed.vifpor.ru
43mid.tarapost.ru
44departure.accountand.ru
46desolate.ludoida.ru
46mid.tarapost.ru
49departure.accountand.ru
52destroyed.vifpor.ru
56run.soportas.ru
59deceptive.eldjip.ru
64departure.accountand.ru
65definition.ninjagoa.ru
65des.ludoida.ru
68defensive.rondario.ru
6eabdd41fabd0879cdcf7edbe9731ecc.eldjip.ru
71each.mopotran.ru
82destroyed.vifpor.ru
85mid.victortes.ru
89mid.tarapost.ru
8b4c0e2c03bc9fc187add6fd5b696185.muchkino.ru
92destroyed.vifpor.ru
94departure.accountand.ru
96deceptive.eldjip.ru
b5d813d6990abe4515118b5eaaf0a0ff.muchkino.ru
bb97248e18e270060e8d8d7101a88022.kandrafolos.ru
cf99ae01f48fa54c982e28ebb736cbe3.ludoida.ru
createobject5224.fartodti.ru
createobject63.drakhalos.ru
createobject68.drakhalos.ru
createobject7368.fartodti.ru
debts14.visiksa.ru
deceived40.nododru.ru
deceived52.calclus.ru
deceived52.nododru.ru
deceptive26.regotras.ru
deceptive31.regotras.ru
decide8.frastron.ru
decided37.virobas.ru
decidedly56.hitorova.ru
decidedly9.hitorova.ru
decidedly92.frastron.ru
decimal2.visiksa.ru
decision60.siphorov.ru
decision85.siphorov.ru
decision88.siphorov.ru
decisive28.secretah.ru
declaration79.monkyking.ru
declaration95.monkyking.ru
decline2.frastron.ru
decree97.golfaris.ru
dedicate11.sifiro.ru
dedicate9.gitorfa.ru
deduction13.calclus.ru
default24.hitorova.ru
default5.regotras.ru
default53.regotras.ru
default55.regotras.ru
default67.regotras.ru
defeat55.regotras.ru
defeat61.regotras.ru
defect59.frastron.ru
defect65.frastron.ru
defect80.frastron.ru
defect94.frastron.ru
defence39.sifiro.ru
defence46.sifiro.ru
defend52.virobas.ru
defined35.hitorova.ru
defined46.hitorova.ru
defined8.hitorova.ru
definite75.tomatron.ru
definitely2.monkyking.ru
definitely43.monkyking.ru
definitely45.monkyking.ru
definitely59.monkyking.ru
definitely84.frastron.ru
definitely84.monkyking.ru
definition33.artakin.ru
definition47.artakin.ru
deity51.hitorova.ru
delayed17.siphorov.ru
delayed92.visiksa.ru
delayed96.fahrakin.ru
delete43.secretah.ru
deliberate2.hitorova.ru
deliberately19.virobas.ru
delicate33.hitorova.ru
delicate37.hitorova.ru
delicate67.hitorova.ru
delicate87.visiksa.ru
delicious21.regotras.ru
delicious92.regotras.ru
delicious92.visiksa.ru
delight16.golfaris.ru
delighted4.virobas.ru
delighted41.fahrakin.ru
delighted91.virobas.ru
delighted94.virobas.ru
delirium10.siphorov.ru
delirium14.siphorov.ru
delirium34.rotosa.ru
delirium50.rotosa.ru
delirium58.rotosa.ru
delirium84.rotosa.ru
delirium97.rotosa.ru
delivery45.rotosa.ru
delivery48.rotosa.ru
deluge82.monkyking.ru
delve29.monkyking.ru
delve34.golfaris.ru
delve53.frastron.ru
delve57.monkyking.ru
demanded1.calclus.ru
demanded13.frastron.ru
demanded39.secretah.ru
demanded49.calclus.ru
demanded5.artakin.ru
demanded55.artakin.ru
den32.sifiro.ru
den45.sifiro.ru
den47.regotras.ru
denial18.notoros.ru
denial82.sifiro.ru
denote19.calclus.ru
denote83.regotras.ru
denote87.hitorova.ru
dense22.rotosa.ru
dependant69.artakin.ru
depended48.frastron.ru
depended51.notoros.ru
depended54.frastron.ru
depended74.calclus.ru
deplore1.artakin.ru
deplore11.regotras.ru
deplore27.monkyking.ru
deplore99.artakin.ru
deploy36.sifiro.ru
deploy46.sifiro.ru
deploy77.sifiro.ru
deposit79.artakin.ru
deprive43.rotosa.ru
depth54.siphorov.ru
depth81.siphorov.ru
depths21.feorant.ru
depths26.feorant.ru
depths35.feorant.ru
depths43.feorant.ru
depths47.feorant.ru
depths60.feorant.ru
depths61.feorant.ru
depths75.feorant.ru
deputy19.sifiro.ru
derived38.siphorov.ru
derived79.notoros.ru
descend9.notoros.ru
descended33.frastron.ru
descent14.visiksa.ru
descent58.regotras.ru
descent68.visiksa.ru
describe41.rotosa.ru
describe54.artakin.ru
description94.tomatron.ru
desert36.regotras.ru
desert48.frastron.ru
desert94.regotras.ru
deserved52.tomatron.ru
deserved74.calclus.ru
deserves16.trunda.ru
deserves3.hitorova.ru
deserves35.golfaris.ru
deserves45.golfaris.ru
deserves56.golfaris.ru
deserves9.golfaris.ru
deserves90.golfaris.ru
deserves93.golfaris.ru
deserves95.golfaris.ru
deserves95.hitorova.ru
deserves97.golfaris.ru
designer55.sifiro.ru
designs14.golfaris.ru
designs28.golfaris.ru
designs53.golfaris.ru
designs64.golfaris.ru
designs87.golfaris.ru
desirable13.frastron.ru
desirable19.frastron.ru
desirable2.calclus.ru
desirable51.calclus.ru
desirable60.frastron.ru
desirable86.frastron.ru
desirable89.calclus.ru
desire93.virobas.ru
desk28.regotras.ru
desolate71.frastron.ru
desperate25.calclus.ru
desperately69.secretah.ru
desperately72.secretah.ru
desperately73.secretah.ru
destitute60.visiksa.ru
destitute83.visiksa.ru
destruction48.rotosa.ru
detached34.rotosa.ru
detached76.rotosa.ru
detail19.frastron.ru
detail77.frastron.ru
dim2331.koloprast.ru
dim28.replacemend.ru
dim2815.koloprast.ru
e3d6c2f45638df63636c0a614a15bbe9.kaelos.ru
each46.mashalled.ru
each49.mashalled.ru
each51.mashalled.ru
each92.mashalled.ru
eval4742.billonda.ru
expandenvironmentstrings46.nandayo.ru
for87.balduron.ru
function21.replacemend.ru
getfile37.replacemend.ru
getfile45.replacemend.ru
getfile57.replacemend.ru
getfile68.replacemend.ru
getobject28.replacemend.ru
getobject39.replacemend.ru
len3596.koloprast.ru
loop24.mitrala.ru
loop39.mitrala.ru
loop76.mitrala.ru
loop88.mitrala.ru
mid4420.aluran.ru
mid5806.aluran.ru
openastextstream63.mashalled.ru
random.bistorgo
random.bistorgo.ru
run1903.fartodti.ru
run20.mitrala.ru
run4825.fartodti.ru
send27.mashalled.ru
set28.replacemend.ru
set76.replacemend.ru
set87.replacemend.ru
set95.replacemend.ru
sleep100.replacemend.ru
sleep1086.aluran.ru
sleep13.lovetco.ru
sleep1304.aluran.ru
sleep17.replacemend.ru
sleep19.lovetco.ru
sleep21.replacemend.ru
sleep333.aluran.ru
sleep44.replacemend.ru
sleep4705.aluran.ru
sleep5752.aluran.ru
sleep64.replacemend.ru
sleep6902.aluran.ru
sleep70.lovetco.ru
sleep70.replacemend.ru
sleep76.lovetco.ru
sleep82.replacemend.ru
sleep83.lovetco.ru
sleep83.replacemend.ru
sleep97.lovetco.ru
sleep98.lovetco.ru
smtp.ludoida.ru
to25.monitral.ru
to6.monitral.ru
until31.mitrala.ru
until82.mitrala.ru
vthaervoyfk.muchkino.ru
while2.mashalled.ru
while4920.hoportin.ru
while5578.hoportin.ru
while68.mashalled.ru
while76.mashalled.ru
while9.mashalled.ru
write136.koloprast.ru
write2381.koloprast.ru
write257.koloprast.ru
write56.aluran.ru
xor39.nandayo.ru

# Reference: https://www.virustotal.com/gui/ip-address/45.61.159.101/relations

delicacy57.secretah.ru
delicacy94.secretah.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.111.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.59.112.201/relations

degrade13.sifiro.ru
deliberate16.siphorov.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.156.109/relations

62mid.tarapost.ru

# Reference: https://app.validin.com/detail?find=144.172.111.10&type=ip4&ref_id=73abe679d34#tab=resolutions

gurat.ru
hukor.ru
jugas.ru
kilob.ru
tumah.ru
mail.jugas.ru

# Reference: https://x.com/StrikeReadyLabs/status/1859662881152958716
# Reference: https://www.virustotal.com/gui/file/e4a37b32cf293db17ba9869113bdb06853018ad7777f0b57f8fb705cd218a9ba/detection

fantasy-cave-c-emission.trycloudflare.com
/ssU/obligationrTB.webp

# Reference: https://www.virustotal.com/gui/ip-address/45.95.233.84/relations

amazing96.detroito.ru
navigation.amazing96.detroito.ru
tarn.forensit.ru

# Reference: https://x.com/JRehbergCSK/status/1860762095001710924
# Reference: https://www.virustotal.com/gui/file/d8e411c3567c26faf2f4ec4708c5acbaab7ced89f62ca77d1a48a38387103363/detection

http://144.172.76.40
aguas.ru
bulyabo.ru
chokopan.ru
darknesso.ru
dvadrugash.ru
golopras.ru
kingandsh.ru
lihoradit.ru
mirroran.ru
nodovat.ru
nopolras.ru
nushtosh.ru
sivirtop.ru
vodosmot.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.133.4/relations

for1000.sivirtop.ru
sleep726.chokopan.ru
write931.chokopan.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.194.140.103/relations
# Reference: https://www.virustotal.com/gui/file/8bb5cf965f95eabc8a04a1a12a1ddb3c258c50172efb2d98f4aebe84f408e3cc/detection

42redim.mirroran.ru
54redim.mirroran.ru
91redim.mirroran.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.233.201.21/relations

dim71.nopolras.ru
getobject71.nopolras.ru

# Reference: https://www.virustotal.com/gui/ip-address/134.122.127.88/relations

46for.vodosmot.ru
98for.vodosmot.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.162.37.55/relations

esoque.ru
mumbradi.ru
nomame.ru

# Reference: https://www.virustotal.com/gui/ip-address/62.60.157.183/relations

igelekle.ru
egebox.igelekle.ru

# Reference: https://x.com/blackorbird/status/1864265858421543149
# Reference: https://mp.weixin.qq.com/s/3lmwcYC8ep8OzQUxdBYdCQ

isp-quotes-yemen-spectrum.trycloudflare.com
/sbu/broadcastingJTc/festivaljcO.epub
/sbu/broadcastingJTc/
/broadcastingJTc/festivaljcO.epub
/broadcastingJTc/
/festivaljcO.epub

# Reference: https://x.com/WhichbufferArda/status/1865043823207796759
# Reference: https://www.virustotal.com/gui/file/b5d59bb932843ca58c29971e73edfe642731701f29133eb1cfb8841e198d567f/detection
# Reference: https://www.virustotal.com/gui/file/1e65f4064489cc9708275ac61c570c1d74536f88b7664b6549679188f083e10a/detection
# Reference: https://www.virustotal.com/gui/file/448f76b50df697f0f756184774a6e7ed7f3b54ed58b326d92c380d74925ba132/detection
# Reference: https://www.virustotal.com/gui/file/aa62e334684813c3c214d8dd126ee713f3f176cbb6991061f4eb5ab296f2aa06/detection

http://194.58.66.173
entities-important-surgeon-ever.trycloudflare.com
/gpU/adriftKk4.webp
/gpU/gatheringRWE.webp
/gpU/instrumentXHv.webp
/gpU/sadnuG.webp
/adriftKk4.webp
/gatheringRWE.webp
/instrumentXHv.webp
/sadnuG.webp

# Reference: https://www.virustotal.com/gui/file/064101b1427ae30412a6ebcae19ffa76155651293e198b1044ccbc25ced03f53/detection

newbie-housewives-potter-trailers.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/0ed8c8cc84d50a025020694d5dc6ba7e7080221a69f2951326a78cb45150e0fd/detection

puzzle-photographers-nitrogen-rod.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/de401b06640d8b40a3cbdf16298f536d6ca2409a15a427b28b9ab8f20e28bdd9/detection

arise-mins-benchmark-japan.trycloudflare.com
/GPukrn/rottenAZS.webp
/rottenAZS.webp

# Reference: https://www.virustotal.com/gui/file/d45694a81991ed5b864394a001c758b49d5ecab8a20ac7e7812bfd3df6f1809c/detection
# Reference: https://www.virustotal.com/gui/file/624da6f79f8271d6eaa97be5a71877ec64cc104696a209fa86827c41cc2f1289/detection

gasoline-covering-sandy-browsing.trycloudflare.com
/MVS/persianpxE.webp
/MVS/phaseM1u.webp
/persianpxE.webp
/phaseM1u.webp

# Reference: https://www.virustotal.com/gui/file/d39aed1a125922f9c69248e22106b0eb004c8707f0e04b57bfd4c9e7260715f3/detection
# Reference: https://www.virustotal.com/gui/file/2c5d4901b0a27f727678c13006a9d2e3f21d017ff42b721282d83519903c36f7/detection
# Reference: https://www.virustotal.com/gui/file/18d2888b9dad001d793e62024803f9389642a88bfc8565b8a52597e41d10b514/detection

assembled-earning-adopt-chose.trycloudflare.com
/MVS/dairycEc.webp
/MVS/photographerXb9.webp
/MVS/salvageXGo.webp
/dairycEc.webp
/photographerXb9.webp
/salvageXGo.webp

# Reference: https://www.virustotal.com/gui/file/c70d745eae2ec7647bcc5fe2537d3816152538ec7dc28b8fa69ea88eff96e0ec/detection
# Reference: https://www.virustotal.com/gui/file/61332b1e78e97d301dc985959969bf1fa33ae0965a4ae55ebdeee56e3b8ff493/detection
# Reference: https://www.virustotal.com/gui/file/19e7f6a4ae6811fd2e5e88a5286c07232a15032e5bb1323365e7d43c6bcbb75d/detection

skating-suggested-break-queries.trycloudflare.com
/Odd/fosterWwg.webp
/Odd/gaspediD0.webp
/Odd/heaph4o.webp
/fosterWwg.webp
/gaspediD0.webp
/heaph4o.webp

# Reference: https://www.virustotal.com/gui/file/bf1bced08791e831c1cef9811e003d5a3958c288bc0f13ef3da4b6617773d1a7/detection
# Reference: https://www.virustotal.com/gui/file/b383331cd3feedc623df6a50c123273bd20b3e6e7eecf68505a74964e4dbf642/detection
# Reference: https://www.virustotal.com/gui/file/86f8ed3e90eb559fcdfee753cabc9fffdb4629a06b8b80a62cf9f91687ba9550/detection
# Reference: https://www.virustotal.com/gui/file/5a5e3c26c0ace2247ee4f38a54338dcb271b618431a1fa0a0988568028aa3a6d/detection

rc-patient-lawyers-eden.trycloudflare.com
/MVd/detectionY8p.webp
/MVd/practicedv2T.webp
/MVd/pinchzvd.webp
/MVd/reluctantEhD.webp
/detectionY8p.webp
/pinchzvd.webp
/practicedv2T.webp
/reluctantEhD.webp

# Reference: https://www.virustotal.com/gui/file/aa31b6bbeea12a76c0b1c9dec9ff58a7e954ba658a49b0373dcc14c240b08c24/detection
# Reference: https://www.virustotal.com/gui/file/3bc41fff7f2badf6d7dd4fa4c020891d09c0e46a01824945b8f2a689d30bb895/detection

sit-se-radios-certain.trycloudflare.com
/Ggur/airportt11.webp
/Ggur/provisionaF9.webp
/airportt11.webp
/provisionaF9.webp

# Reference: https://x.com/JRehbergCSK/status/1865453459958325475
# Reference: https://app.validin.com/detail?find=168.100.11.6&type=ip4#tab=resolutions
# Reference: https://app.validin.com/detail?find=45.61.136.112&type=ip4#tab=resolutions
# Reference: https://app.validin.com/detail?find=64.52.80.163&type=ip4#tab=resolutions

antitrots.ru
bakalchug.ru
fleurina.ru
keeem.ru
lafren.ru
langra.ru
mostugo.ru
neonation.ru
neuviresse.ru
phlovel.ru
prostali.ru
rookida.ru
rudanka.ru
settitle.ru
sheepster.ru
spanishsky.ru
strahovog.ru
studomed.ru
toretsky.ru
vinnichich.ru

# Reference: https://x.com/smica83/status/1865485619406786850
# Reference: https://bazaar.abuse.ch/sample/877bce637c179770c312ada18ac81a644c41af781d0eb4c33761eec7bda22475/
# Reference: https://www.virustotal.com/gui/file/877bce637c179770c312ada18ac81a644c41af781d0eb4c33761eec7bda22475/detection

http://172.232.251.132
gutaf.ru
1716558085.gutaf.ru
1733608815.gutaf.ru
svchost.gutaf.ru

# Reference: https://x.com/TLP_R3D/status/1866044562608959577
# Reference: https://www.virustotal.com/gui/file/b1d767d8df9be64ed6887ac8af94e547d6b9abfde770931fef036fe2a5a2d921/detection

http://194.58.45.189

# Reference: https://x.com/smica83/status/1867475392027672833
# Reference: https://www.virustotal.com/gui/file/ba4dc396ec6fe07cde68affb47338acb1a527eaa537d0e5331aec3a86e88685e/detection

authorized-houses-silent-remind.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1867624289937010799
# Reference: https://www.virustotal.com/gui/file/c8a6fc6e9ed82c37f409f97caf8d1258851caaef06d412961303f8bc12bb00df/detection

solution-clear-gap-term.trycloudflare.com
/Od/fattyIjA/darkere26.tif
/Od/fattyIjA/
/fattyIjA/
/fattyIjA/darkere26.tif

# Reference: https://www.virustotal.com/gui/ip-address/167.88.160.86/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.232.251.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.86.80.158/relations

barbadoc.ru
butac.ru
fulagam.ru
hunoi.ru
kilowt.shop
lugaran.ru
pasas.ru
polae.ru
wasic.ru
1733629707.gutaf.ru
1733650406.gutaf.ru
286930261.pasas.ru

# Reference: https://x.com/blackorbird/status/1867758610912305206
# Reference: https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
# Reference: https://www.virustotal.com/gui/ip-address/194.87.216.136/relations
# Reference: https://www.virustotal.com/gui/file/7a8ec25f3d4a5c6b4fbdb1002ce22ff0352ce65c0f4ddc9567458e8fcb964845/detection
# Reference: https://www.virustotal.com/gui/file/f0acf9558b7a4fcdaa119731ad5fb5bbdf5a704c9be9e929735a4679735989db/detection

ollymap.pw
wleak.pw
wstak.pw
llkeyvost.ddns.net
ltkwark.ddns.net
rhythmfunky.ddns.net
sauce-patio.ddns.net
savageprozac.ddns.net
skinpublishing.ddns.net
slopepainting.ddns.net
sonic-needed.ddns.net
stocksharbour.ddns.net
tacticsnovelty.ddns.net
twentymicrophone.ddns.net
waltermanage.ddns.net
warrantiesford.ddns.net
weeklyoptional.ddns.net
yields-drew.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/95.179.188.30/relations

kilotra.ru
neck60.fortuskan.ru
neck75.fortuskan.ru
salary5.mirtokla.ru
salary9.mirtokla.ru

# Reference: https://www.virustotal.com/gui/ip-address/107.189.24.135/relations

intelcphecisvc.bulam.ru
konhost.kilob.ru

# Reference: https://www.virustotal.com/gui/ip-address/139.177.195.52/relations

conhost.kilob.ru

# Reference: https://x.com/Maverits/status/1887126198326632850
# Reference: https://www.virustotal.com/gui/file/44e39caf8c3f1225d761ab6e520d26250d6de5c855241d69b662cdfedb797fc1/detection
# Reference: https://www.virustotal.com/gui/file/690ee37f58d374888117d1f685f73a181b1385cb87c9d7c288166f4ec7a14206/detection

http://194.58.45.81
voters-george-trailers-harbor.trycloudflare.com
voters-user-trailers-harbor.trycloudflare.com
/ssu/based/regards.epub
/ssu/relax/deceive.epub

# Reference: https://x.com/malwrhunterteam/status/1889679723971641748
# Reference: https://www.virustotal.com/gui/file/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5/detection
# Reference: https://www.virustotal.com/gui/file/367f386780e36b7ad704479b5e95af647f94f0511f3506801391d88148efa62a/detection

vehicle-terror-code-making.trycloudflare.com
/SSU/dipRBX/partnerVdK.tif
/SSU/sniffV09/scatterod6.tif
/SSU/dipRBX/
/SSU/sniffV09/

# Reference: https://x.com/malwrhunterteam/status/1890038780683534771
# Reference: https://www.virustotal.com/gui/file/95f5db1826819d8d61b85eec206ec6cba350ba3fd684941ae24fe363de1df2cb/detection

louise-gzip-think-air.trycloudflare.com
/OD/rotI7D/shortlyqXW.tif
/OD/rotI7D/

# Reference: https://www.virustotal.com/gui/file/1fba05af7e1d9f6352cf124078b36f4c86f28874cc107738a931c2ac4fec1037/detection
# Reference: https://www.virustotal.com/gui/file/564a894bf2e99e4712842eb6e5fc04e33e620bc8e369fc58a12f44febe3634ff/detection

attribute-homework-generator-lovers.trycloudflare.com

# Reference: https://hunt.io/blog/state-sponsored-activity-gamaredon-shadowpad

baklchug.ru
chinosadame.ru
endless-bridge.ru
home1and.ru
iafren.ru
innocentmillions.ru
jedemdasseine.ru
meuviresse.ru

# Reference: https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel
# Reference: https://www.virustotal.com/gui/ip-address/107.189.19.137/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.86.80.234/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.169.118/relations
# Reference: https://www.virustotal.com/gui/file/7e129d0cc94ef8e15eb0303cb688003e71599548378d0a4c219a3fa41813adae/detection
# Reference: https://www.virustotal.com/gui/file/b694b7c89fdffa9945d291dc46c7c18185b770814e66912adc10346077fa25de/detection
# Reference: https://www.virustotal.com/gui/file/30100e3f2f6d1dc04c366ad2e98bd338c924001efb6abb314aa0f20eb25430c6/detection

http://104.16.230.132
http://104.16.231.132
http://107.189.19.137
http://107.189.19.218
http://139.59.136.192
http://159.223.50.199
http://165.232.153.27
http://172.104.187.254
http://45.61.166.43
http://64.23.190.235
http://85.92.111.12
buhembald.ru
crudoes.ru
drygmetal.ru
iraliv.ru
lesregines.ru
lucystew.ru
mahombres.ru
mstobik.ru
stradrol.ru
stromatog.ru
vergadol.ru
0aaqhwf689wwecsz.stradrol.ru
1zerrvhhqobcihry.drygmetal.ru
3kppnqjsdkj.drygmetal.ru
5xa2bxerikqbklf7k.stradrol.ru
8u68gauig9wfq8cxmha7pmek.stradrol.ru
dskmr3zotwkughygi16.drygmetal.ru
gdkjvj6ivh.stradrol.ru
hka2zm52l0.stradrol.ru
hthfa610y.stradrol.ru
ihkkjbiwnktf3rnertkhy.stradrol.ru
jcssl61qxucacfgqjw.drygmetal.ru
jmif5bptztor4djq4xfhyup.stradrol.ru
knq2gsdvtanxyb0l39weajsvx0.stradrol.ru
m4cfl38y9obbwbl3ifd9k.stradrol.ru
nthqz4sw2kt2vgjaueededl.stradrol.ru
ovxi5pmdozq.stradrol.ru
qs1havbpndfubdg63px.stradrol.ru
qy4h4jp00jjxxueduc.stradrol.ru
rgegjvdopprcdu8idkghhf.stradrol.ru
vs8vasva2fpey.stradrol.ru
xtyns82pvfvqhicxqchwu6h.stradrol.ru
100asc.crudoes.ru
10chr.crudoes.ru
10to.crudoes.ru
16sleep.crudoes.ru
19loop.crudoes.ru
21position.crudoes.ru
24createobject.crudoes.ru
29absorbed.crudoes.ru
29send.crudoes.ru
2hazard.crudoes.ru
32function.crudoes.ru
35absorbed.crudoes.ru
35chr.crudoes.ru
36asc.crudoes.ru
40chr.crudoes.ru
40openastextstream.crudoes.ru
41savetofile.crudoes.ru
44journal.crudoes.ru
44loop.crudoes.ru
45loop.crudoes.ru
46createobject.crudoes.ru
51journal.crudoes.ru
51sleep.crudoes.ru
56chr.crudoes.ru
56openastextstream.crudoes.ru
56sleep.crudoes.ru
57ending.crudoes.ru
57to.crudoes.ru
58journal.crudoes.ru
60asc.crudoes.ru
62each.crudoes.ru
63chr.crudoes.ru
63xor.crudoes.ru
64ending.crudoes.ru
66asc.crudoes.ru
66position.crudoes.ru
67savetofile.crudoes.ru
67sleep.crudoes.ru
6observe.crudoes.ru
71admiring.crudoes.ru
72chr.crudoes.ru
77position.crudoes.ru
80xor.crudoes.ru
83sleep.crudoes.ru
84aloud.crudoes.ru
94read.crudoes.ru
deletefile.crudoes.ru
numbersleep.crudoes.ru
position.crudoes.ru
ruposition.crudoes.ru
savetofile.crudoes.ru
sleep.crudoes.ru
abraham-lc-happened-ericsson.trycloudflare.com
acquisition-gray-advertisements-trained.trycloudflare.com
affects-periodic-explorer-broadband.trycloudflare.com
areas-apps-civic-loving.trycloudflare.com
argentina-references-rapid-selecting.trycloudflare.com
belongs-tells-sum-harvest.trycloudflare.com
beverly-cups-soft-concentrate.trycloudflare.com
boxes-harvest-cameroon-uniform.trycloudflare.com
cables-tension-bronze-hans.trycloudflare.com
convergence-suffering-reel-ingredients.trycloudflare.com
criterion-receipt-proceeds-fate.trycloudflare.com
der-grande-transmitted-benchmark.trycloudflare.com
des-cinema-democrat-san.trycloudflare.com
detector-excluded-knowledgestorm-two.trycloudflare.com
distributors-marble-saddam-much.trycloudflare.com
eddie-lewis-exercises-conventions.trycloudflare.com
farming-alternatively-velvet-warming.trycloudflare.com
fee-ss-launch-remedies.trycloudflare.com
ff-susan-config-mod.trycloudflare.com
hints-heated-terrain-poem.trycloudflare.com
jet-therapy-cape-correctly.trycloudflare.com
jon-shopzilla-canada-analytical.trycloudflare.com
missouri-itunes-recognize-adds.trycloudflare.com
nail-employed-icon-pre.trycloudflare.com
nav-ni-furnished-handy.trycloudflare.com
obj-sudan-quote-aw.trycloudflare.com
over-function-foo-school.trycloudflare.com
pays-habitat-florists-virtually.trycloudflare.com
pdt-throwing-pod-places.trycloudflare.com
phpbb-zealand-hop-magnetic.trycloudflare.com
presents-turner-cir-hollow.trycloudflare.com
promptly-allows-pendant-close.trycloudflare.com
reflection-tomorrow-brook-dakota.trycloudflare.com
representatives-liable-sight-tigers.trycloudflare.com
score-adams-coastal-moreover.trycloudflare.com
sick-netherlands-alumni-electric.trycloudflare.com
surfing-programmer-morris-mortality.trycloudflare.com
terry-training-springer-engagement.trycloudflare.com
/mood/1/3/2025/confer.html
/stself63/index.html

# Reference: https://www.virustotal.com/gui/ip-address/81.177.215.87/detection
# Reference: https://www.virustotal.com/gui/file/e9672c7f8263f257cac0014e122f04fb1a379e7af2e6e93f8287db6915ac9539/detection

best-sluts-ukraine.ru
estaca.ru
22setrequestheader.estaca.ru
26mid.estaca.ru
27redim.estaca.ru
31mid.estaca.ru
42redim.estaca.ru
47redim.estaca.ru
54redim.estaca.ru
56redim.estaca.ru
59getfile.estaca.ru
74redim.estaca.ru
75then.estaca.ru
89mid.estaca.ru
8getobject.estaca.ru
90redim.estaca.ru
openastextstream.estaca.ru
infants-governor-days-temporal.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1910895869701791947
# Reference: https://www.virustotal.com/gui/ip-address/141.98.233.144/relations

areyouall.ru
nordovol.ru
fgajb2lzkzvbrduviq.nordovol.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.85.72/relations

andbien.ru
holyglore.ru
5a9kihaqddo9x.holyglore.ru
npu1skf9xoahp3ghgqn.holyglore.ru

# Reference: https://app.validin.com/detail?find=81.177.215.160&type=ip4&ref_id=ed22e1559b9#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/107.189.19.91/relations

bbt-bombey.ru
broposez.ru
gekka.ru
madres.ru
pro-bros.ru
yumeglory.ru

# Reference: https://www.virustotal.com/gui/ip-address/147.45.51.180/relations

tienes.ru
37createobject.tienes.ru
40each.tienes.ru
71each.tienes.ru
8each.tienes.ru
savetofile.tienes.ru
write.tienes.ru

# Reference: https://www.virustotal.com/gui/file/4d55d413e90ba0a397cc102f2b7fe14ffb3db5ddeeb83e56cfbd3a2df01d08b6/detection

corpus-rated-network-telephony.trycloudflare.com

# Reference: https://app.validin.com/detail?find=45.56.108.235&type=ip4&ref_id=5c3b6734c02#tab=resolutions

bakaden.ru
ulisar.ru

# Reference: https://x.com/skocherhan/status/1911577760021033379

online-oproc24.ru
redanblue.ru
f8mp2bp.rudanka.ru
fcwnhh6.rudanka.ru
grotfsl.phlovel.ru
h4ls538.rudanka.ru
nz8n5yc.phlovel.ru
qjref5y.spanishsky.ru
thisisonlyatest.innocentmillions.ru
xz7qoqx.spanishsky.ru

# Reference: https://x.com/malwrhunterteam/status/1911815302003687491
# Reference: https://www.virustotal.com/gui/file/e87eba98bc4ba27a3a88aae18fdaf7459c25f7b99aefaec09795f3f8442ee45b/detection

alive-theorem-comprehensive-pb.trycloudflare.com
/SSU/eveningMr3/sighto9m.epub
/SSU/eveningMr3/
/eveningMr3/sighto9m.epub
/eveningMr3/
/sighto9m.epub

# Reference: https://x.com/malwrhunterteam/status/1912195398875189447
# Reference: https://www.virustotal.com/gui/file/f7b54b6010575787776cc4fb045371df70873135517900a6f015ac26b995c79b/detection

conventional-decided-optical-newark.trycloudflare.com
/SSU/sieveq2c/standMn7.epub
/SSU/sieveq2c/
/sieveq2c/standMn7.epub
/sieveq2c/
/standMn7.epub

# Reference: https://x.com/malwrhunterteam/status/1912179515880571094
# Reference: https://www.virustotal.com/gui/file/4d06d2cb20fcdf267f1e509f667fe02bcb747d451432a90078a08de5e1eb7f16/detection
# Reference: https://www.virustotal.com/gui/file/50fb73dd8217ce05bf306d399e9438b407012044743e312d93da0a037edc0de3/detection
# Reference: https://www.virustotal.com/gui/file/b17a569eb7e33254dfe6df1876731ab715bc544705cc73cbe9d98ac29f9ceb86/detection

http://194.58.66.183
mar-messages-ui-announcement.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1912187352786550820
# Reference: https://www.virustotal.com/gui/file/bb1ae7d1360f5d2bd19ea6c97b689bb55f5c3e5d829ee6c801e767f8363d9a13/detection

clerk-tan-assisted-thoughts.trycloudflare.com
/SS/departmentotT/gloriaj2F.epub
/SS/departmentotT/
/departmentotT/gloriaj2F.epub
/departmentotT/
/gloriaj2F.epub

# Reference: https://harfanglab.io/insidethelab/gamaredons-pterolnk-analysis/

adjustable-za-creativity-copper.trycloudflare.com
adventures-worked-exposure-maui.trycloudflare.com
advisors-commission-burn-valuation.trycloudflare.com
amenities-minus-judges-clearly.trycloudflare.com
applicant-approx-vatican-senators.trycloudflare.com
architect-reverse-poster-failed.trycloudflare.com
asks-ribbon-nearest-traveler.trycloudflare.com
asset-advised-jane-disc.trycloudflare.com
blowing-traveling-looks-appropriations.trycloudflare.com
cables-encounter-chem-stranger.trycloudflare.com
cat-pop-injuries-gallery.trycloudflare.com
chaos-forces-bears-sent.trycloudflare.com
checklist-digital-proved-labels.trycloudflare.com
compact-egypt-meal-imagination.trycloudflare.com
cope-senator-european-texas.trycloudflare.com
cups-technologies-knock-posts.trycloudflare.com
dimensions-incorporated-citysearch-quotes.trycloudflare.com
dressed-emissions-councils-storage.trycloudflare.com
efficiently-noble-pubs-armed.trycloudflare.com
engineering-moreover-packages-shareholders.trycloudflare.com
extend-terrorism-nowhere-two.trycloudflare.com
fixtures-bracelet-anatomy-jon.trycloudflare.com
forces-details-round-gates.trycloudflare.com
funky-honduras-drives-statutory.trycloudflare.com
governmental-rocket-hourly-blair.trycloudflare.com
horizon-fee-calendar-seek.trycloudflare.com
im-trend-naturally-administrator.trycloudflare.com
mailed-this-chemical-thermal.trycloudflare.com
making-toys-sn-kijiji.trycloudflare.com
outputs-sam-come-bosnia.trycloudflare.com
performances-look-humidity-pie.trycloudflare.com
place-experiencing-teen-kitty.trycloudflare.com
playstation-look-became-circles.trycloudflare.com
recreational-bosnia-granny-interventions.trycloudflare.com
relax-spas-miss-feeling.trycloudflare.com
rows-slideshow-toll-dsl.trycloudflare.com
sand-northeast-consumers-sells.trycloudflare.com
sat-mapping-metadata-instrumentation.trycloudflare.com
satin-adams-writings-idol.trycloudflare.com
silence-modems-france-fact.trycloudflare.com
sized-professionals-expertise-reveals.trycloudflare.com
spectrum-maldives-literally-garcia.trycloudflare.com
stockholm-align-closed-far.trycloudflare.com
such-bad-magnet-dealer.trycloudflare.com
taking-hl-kerry-pet.trycloudflare.com
unlike-processes-saskatchewan-prepared.trycloudflare.com
wallpaper-duplicate-agents-exports.trycloudflare.com
wto-ls-stocks-pie.trycloudflare.com
zambia-relate-highlights-tasks.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1914652617059238076
# Reference: https://www.virustotal.com/gui/file/6b12051f60611d1d3366a230a894642b9b59be2444b7055cfc0ebe6c74947c88/detection
# Reference: https://www.virustotal.com/gui/file/b93ca4f03ce2a2983194c0cf35616b6bf484cd0af2af9b3bfb765c9a48a474b7/detection

http://193.124.22.113
please-clinton-missed-ing.trycloudflare.com
/Gukr/flintYLS/medicinejOE.pptx
/Gukr/flintYLS/
/flintYLS/medicinejOE.pptx
/medicinejOE.pptx

# Reference: https://www.virustotal.com/gui/file/341435e34c6d146cbb28f4e7de6d2e0e2b7ec2be3625f14a56041124f4af34cd/detection
# Reference: https://www.virustotal.com/gui/file/1e239869a84200d56bb26ed8bb4c56c8272d60746111d626fcedce676eef0a13/detection

papilutes.hopto.org
/Gurukr/cableW2l/comparableKrE.pptx
/Gurukr/cableW2l/
/cableW2l/comparableKrE.pptx
/comparableKrE.pptx

# Reference: https://x.com/malwrhunterteam/status/1915080994324877503
# Reference: https://www.virustotal.com/gui/file/a297b78409596486b2c7ae390c9b30baae509feee3d64528c8ec4ca8a33f727b/detection

superior-subtle-gore-each.trycloudflare.com
/SU/rageSc4/circularPti.pptx
/rageSc4/circularPti.pptx
/rageSc4/
/circularPti.pptx

# Reference: https://x.com/malwrhunterteam/status/1915096887662723212
# Reference: https://x.com/malwrhunterteam/status/1915096890351484943
# Reference: https://www.virustotal.com/gui/file/5236cdce613b7953b39ca8de899fc0445d4606d5c3ec1037df69a5ebeba3fa5c/detection

crazy-whole-dumb-phd.trycloudflare.com
current-suddenly-fill-playlist.trycloudflare.com
/MVS/inhabitRK8/mutterUOo.pptx
/inhabitRK8/mutterUOo.pptx
/inhabitRK8/
/mutterUOo.pptx

# Reference: https://www.virustotal.com/gui/ip-address/144.172.85.28/relations

bluradon.ru
norosta.ru
poracholly.ru
sellingleft.ru
selltosell.ru

# Reference: https://x.com/malwrhunterteam/status/1915426676495831475
# Reference: https://www.virustotal.com/gui/file/7a20091af58362ddd3cc140c9ef3d68658144b737a35e193ba1e1e125c65c6c6/detection

uncle-drives-accommodate-packaging.trycloudflare.com
/NPU/importancepq4/moonlightzLJ.pptx
/importancepq4/moonlightzLJ.pptx
/importancepq4/
/moonlightzLJ.pptx

# Reference: https://x.com/malwrhunterteam/status/1916819134295269417
# Reference: https://www.virustotal.com/gui/file/b879d04603999532c7b52132f42db7f3dd1b8d41626c3aa8156bb31d0823f06f/detection

messages-columnists-releases-cost.trycloudflare.com
/NPU/mattressQC3/stolentG3.pptx
/mattressQC3/stolentG3.pptx
/mattressQC3/

# Reference: https://x.com/malwrhunterteam/status/1917335326386700432
# Reference: https://www.virustotal.com/gui/file/f2acb746e75f73e1ae77c671af7725abcdf41d69f4e22c3bee63c3746f13f6e4/detection

belly-thriller-chief-your.trycloudflare.com
/OD/educationOy0/offendQzB.pptx
/educationOy0/offendQzB.pptx
/educationOy0/
/offendQzB.pptx

# Reference: https://x.com/malwrhunterteam/status/1917336024121778292

director-cu-papua-our.trycloudflare.com

# Reference: https://mp.weixin.qq.com/s/sVc2dLNJwbpgEzBXkFyBRw
# Reference: https://www.virustotal.com/gui/file/6c0603142d426119183b06968bb6c43fe997246782f9e60116ad3a8657771764/detection

awesome-average-atomic-cloud.trycloudflare.com
colony-fog-participating-estimates.trycloudflare.com
mit-walking-endorsed-lc.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1930355858778796419
# Reference: https://www.virustotal.com/gui/ip-address/194.58.66.5/relations
# Reference: https://www.virustotal.com/gui/file/3611035faf63b8bf14c88a9bd02e3783f2bde3128c97f6317d4d4c912463ef39/detection
# Reference: https://www.virustotal.com/gui/file/d9330f235584d387d6a08d35f8d501777f4e0b2a545f4752d459a9ad24c74772/detection
# Reference: https://www.virustotal.com/gui/file/7ddeb557f442cc9625da414f58c7f041f7fd3879199f88531c15e4fb5476bb83/detection
# Reference: https://www.virustotal.com/gui/file/f8f4d2e627462c2e8b443f2b8f5efe4c1f0c14d9b1796e9eb1a2b598e524eda0/detection
# Reference: https://www.virustotal.com/gui/file/631c02badd9ea7e2835256290f649a02136b1df312c4c8cd4d3f5df4558e3595/detection

http://194.58.66.5
admindt.ddns.net
downcraft.serveirc.com
kia-court.serveirc.com
nationaldutch.duckdns.org
papilonos.hopto.org
pasive-host.gotdns.ch
procurature.freedynamicdns.org
procuror.servehttp.com
selodovo.myddns.me
ssu-procuror.redirectme.net
systems-debug.ddns.net
libraries-thus-yale-collaborative.trycloudflare.com
/gur/easternyzt/cambridgeN4w.jpeg
/probXHTML/fourlnu/bearingdwR.pdf
/probXHTML/fourlnu/
/sSsU/norrisjOH/stabilitygc2.pdf
/sSsU/norrisjOH/
/norrisjOH/

# Reference: https://x.com/Cyber0verload/status/1936435266413305977

0qh7kk5z-80.euw.devtunnels.ms
0xgggj25-80.euw.devtunnels.ms
2w6pfm8q-80.euw.devtunnels.ms
2zwwxgt1-80.euw.devtunnels.ms
3052c5fg-80.euw.devtunnels.ms
3g67dbl4-80.euw.devtunnels.ms
3qhfd78x-80.euw.devtunnels.ms
3wg2c7jt-80.euw.devtunnels.ms
46jm9cd0-80.euw.devtunnels.ms
55l24f51-80.euw.devtunnels.ms
5ftqmcrk-80.euw.devtunnels.ms
7hvl1tq1-80.euw.devtunnels.ms
8p4jjpj5-80.euw.devtunnels.ms
8wxndw1t-80.euw.devtunnels.ms
9dpdxml2-80.euw.devtunnels.ms
bvmrf854-80.euw.devtunnels.ms
c7wxnhcg-80.euw.devtunnels.ms
chvk3hhf-80.euw.devtunnels.ms
cjsl76t6-80.euw.devtunnels.ms
cp329mj2-80.euw.devtunnels.ms
cqk76vfb-80.euw.devtunnels.ms
d1dmfzpq-80.euw.devtunnels.ms
d4lg15mk-80.euw.devtunnels.ms
fkjpvjr7-80.euw.devtunnels.ms
ftf35rdx-80.euw.devtunnels.ms
h1bwvfsk-80.euw.devtunnels.ms
j8bk0jnz-80.euw.devtunnels.ms
jsdk8z25-80.euw.devtunnels.ms
kkzrft29-80.euw.devtunnels.ms
mdwxv0cw-80.euw.devtunnels.ms
mxbwvrxn-80.euw.devtunnels.ms
n54h0rsq-80.euw.devtunnels.ms
n7rr7d9c-80.euw.devtunnels.ms
p260qj32-80.euw.devtunnels.ms
pj7pq68t-80.euw.devtunnels.ms
pwq0h8sh-80.euw.devtunnels.ms
q9kfpmx9-80.euw.devtunnels.ms
rm1n2mlv-80.euw.devtunnels.ms
rz6wllw8-80.euw.devtunnels.ms
s5ftp8bj-80.euw.devtunnels.ms
sgrgdkkv-80.euw.devtunnels.ms
v56zq2cd-80.euw.devtunnels.ms
vvnv3zth-80.euw.devtunnels.ms
x3sdhhqn-80.euw.devtunnels.ms
z6573kf9-80.euw.devtunnels.ms

# Reference: https://x.com/smica83/status/1937412850139435509
# Reference: https://www.virustotal.com/gui/ip-address/194.58.66.132/relations
# Reference: https://www.filescan.io/uploads/685a53cef8f8abe4f8b83c3c/reports/00a0de4f-9d21-4e72-ae2e-dd3ffa3bb240/overview
# Reference: https://www.virustotal.com/gui/file/79343d0211758029b5fbffb89caa041f51a1f20ddcb39e4fd2c3ccf677ed5f07/detection
# Reference: https://www.virustotal.com/gui/file/7c0af43f8a32cb68e7804844c03a1f73fa0121018f2684942c8bee13a665f62f/detection
# Reference: https://www.virustotal.com/gui/file/591cd91512c68ec091b824ee9084326153d3bb229f313f5869409c3358788d2f/detection
# Reference: https://www.virustotal.com/gui/file/4f844679b79baf9daa46751b7b6f15c2cb03a0162361f3863b42cf16e3a27984/detection

document-downloads.ddns.net
document-prok.freedynamicdns.org
downloads-document.freedynamicdns.org
google-pdf.redirectme.net
print-documents.freedynamicdns.net
write-document.freedynamicdns.org
/GP/coupleTU1/
/MOU/socksCm5/
/OD/quitzU2/
/OD/retirementH20/
/SS/barefootedRBd/
/GP/coupleTU1/firex0q.jpeg
/OD/quitzU2/comparativelyNWU.jpeg
/OD/retirementH20/meaninglesskfx.jpeg
/socksCm5/managesb1Y.jpeg
/SS/barefootedRBd/risejw5.jpeg
/barefootedRBd/risejw5.jpeg
/coupleTU1/firex0q.jpeg
/quitzU2/comparativelyNWU.jpeg
/retirementH20/meaninglesskfx.jpeg
/comparativelyNWU.jpeg
/firex0q.jpeg
/managesb1Y.jpeg
/meaninglesskfx.jpeg
/risejw5.jpeg

# Reference: https://web-assets.esetstatic.com/wls/en/papers/white-papers/gamaredon-in-2024.pdf

iraiz.ru
litanq.ru
noraspdan.ru
ashley-characters-societiesfreely.trycloudflare.com
deny-webshots-hudsonverbal.trycloudflare.com
drums-hobbies-geologicalsignatures.trycloudflare.com
incorporate-two-knowinginside.trycloudflare.com
kinda-grows-reachescrimes.trycloudflare.com
niagara-silent-exteriortalent.trycloudflare.com
ordering-ratings-motorsoldier.trycloudflare.com
sao-yield-aredomestic.trycloudflare.com
sub-nursery-foogoverning.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/3f53c7ecd76c4bd2d6137954d161b982be39ceadf00ee468e6a0e48f1730a33a/detection

packing-showtimes-pathology-listings.trycloudflare.com

# Reference: https://x.com/Cyber0verload/status/1947188876675530924

glowinglowin.ru
cloaked.glowinglowin.ru

# Reference: https://x.com/smica83/status/1955346478869692636
# Reference: https://tria.ge/250812-yn2tfsylt2/behavioral3
# Reference: https://www.virustotal.com/gui/file/44b7dc9b768be9fb00def03fdc82b65b3f6cb7623d9371c86749d98c667322dd/detection

universal-uzbekistan-grid-os.trycloudflare.com
/Su/persuadej3M/accidentalW72.pdf
/Su/persuadej3M/
/persuadej3M/

# Reference: https://x.com/smica83/status/1957451565431718322
# Reference: https://x.com/smica83/status/1957740675786535145
# Reference: https://tria.ge/250818-rv515avtet/behavioral1
# Reference: https://tria.ge/250819-lp8l6sap31/behavioral1
# Reference: https://www.virustotal.com/gui/file/5dadb9a4916bd00057b4752d7e0806b35682f9a9fc9be5340109d6a5c4b49cc7/detection

completed-good-again-by.trycloudflare.com
/prk/argumentst44/awestruckSgi.pdf
/prk/parkedEo9/overheade3e.pdf
/argumentst44/awestruckSgi.pdf
/parkedEo9/overheade3e.pdf
/argumentst44/
/parkedEo9/

# Reference: https://mp.weixin.qq.com/s/4OuQ3xT9CeX8G3IsVc8nKw

3150wild.workers.dev
bdslmtlqh.bronzevere.workers.dev
bronzevere.workers.dev
dvofiuao.3150wild.workers.dev
embarrassed3627.workers.dev
euw.devtunnels.ms
gohiz.griercrimson.workers.dev
goldjan.workers.dev
griercrimson.workers.dev
jqrwbrbj.bronzevere.workers.dev
khycpsgbu.previoussusanna.workers.dev
oexvrm.embarrassed3627.workers.dev
previoussusanna.workers.dev
tskqbu.bronzevere.workers.dev
xuwj.goldjan.workers.dev

# Reference: https://x.com/smica83/status/1961396036351533308
# Reference: https://x.com/skocherhan/status/1961397766728433917
# Reference: https://www.virustotal.com/gui/ip-address/81.177.214.153/relations
# Reference: https://www.virustotal.com/gui/file/7c8e3ccb91297f4f8ebc1857fca6cae7092f37345713ae465136eb4beca64aa8/detection
# Reference: https://www.virustotal.com/gui/file/61a898360c685471fc0c92eb404fa640d3523786fe711b785fc13ac328ab2fa0/detection

fin1.onlinebottebe.online
fin2.onlinebottebe.online
copy-documents.myftp.org
document-write.myftp.org
sectors.myftp.org
send-document.myftp.org
send-emails.myftp.org
write-email.myftp.org
/fadej22/7zipMVS/reporterlxe/multiVN9.pdf
/oysterZfQ/SSU/strikeLCd/dinnerC01.pdf
/fadej22/7zipMVS/reporterlxe/
/oysterZfQ/SSU/strikeLCd/
/fadej22/7zipMVS/
/oysterZfQ/SSU/

# Reference: https://x.com/smica83/status/1965326835723764178
# Reference: https://www.virustotal.com/gui/ip-address/147.45.177.39/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.56.79.138/relations
# Reference: https://www.virustotal.com/gui/file/f35a91aa6b720f33fb971deee228e48a07d51df9762de6d616481fad1008b7ea/detection
# Reference: https://www.virustotal.com/gui/file/99dea5ed512949904f232f2fea81acc6ec5fa24628936578e08d8cac72b34c18/detection

amnzon.myvnc.com
conf-documents.servebeer.com
document-open.serveftp.com
document-send.myftp.org
documents.serveftp.com
documets-write.servebeer.com
get-documents.serveftp.com
open-document.servebeer.com
open-documents.myftp.org
security.serveftp.com
securlty.serveirc.com

# Reference: https://www.virustotal.com/gui/ip-address/144.172.109.229/relations

dafyp.ru

# Reference: https://www.virustotal.com/gui/ip-address/144.172.110.121/relations
# Reference: https://www.virustotal.com/gui/file/12d6a25afd8a4db2b97bf987a85e6405a3233ec63d1088798096d95a483178dd/detection

kokorini.ru
lafuritte.ru
mekras.ru
gemsbok.kokorini.ru

# Reference: https://www.virustotal.com/gui/ip-address/167.88.160.46/relations
# Reference: https://www.virustotal.com/gui/file/ac484e66f4f94f583398f36fb041b244bf2b016831d771314f94a61ba5b99852/detection

http://167.88.160.46
bloodyhand.ru
crokul.ru
eleanorva.ru
lafuritte.ru
movingdeath.ru
tilldeath.ru
yourfocus.ru
29set.estaca.ru
11precaution.crudoes.ru
47if.crudoes.ru
71read.crudoes.ru
81mid.crudoes.ru
88if.crudoes.ru
88read.crudoes.ru
92read.crudoes.ru
9read.crudoes.ru
numberposition.crudoes.ru
precaution.crudoes.ru
qlep.movingdeath.ru
smproved.crudoes.ru
snquire.crudoes.ru
snstruction.crudoes.ru
srresolute.crudoes.ru
xn--posicin-q0a.crudoes.ru
/vac$&xpyz/household.htm
/vac$&xpyz/

# Reference: https://www.virustotal.com/gui/file/c2aacaeb43c0cb4518f76e8cff0c2ed585f4cfa2444b052d6d6f85d7237180e4/detection

leobard.ru
presumptuously.leobard.ru

# Reference: https://www.virustotal.com/gui/ip-address/172.86.66.111/relations

letsgout.ru
rozalinde.ru

# Reference: https://www.virustotal.com/gui/ip-address/87.121.47.169/relations

ab.bloodyhand.ru

# Reference: https://www.virustotal.com/gui/ip-address/104.21.35.183/relations

nuarod.ru
shackled.ru
unchaining.ru
uprisie.ru

# Reference: https://x.com/smica83/status/1967516522752225373
# Reference: https://www.virustotal.com/gui/file/027d73c177f9f7cfbae5990c6b4fa624064b0dbe9481d7b905214b2268a8190e/detection

http://5.8.18.46

# Reference: https://x.com/ESETresearch/status/1971564401724670158
# Reference: https://www.virustotal.com/gui/ip-address/185.39.204.82/relations
# Referenec: https://www.virustotal.com/gui/file/18c4d384f8fef858accb57fff9dc4036bf52a051b249696b657162b1adcbf104/detection
# Reference: https://www.virustotal.com/gui/file/2ca79d66c5110c33cb14ba7555c54f4e5bb1e6874487fe0e2b46b3b92c5f9b80/detection
# Reference: https://www.virustotal.com/gui/file/c36ec6ebf3287a30c4ef0f217835a04e3fad0fe1c3effee6647a0d172694f548/detection

document-ua.serveftp.com
documents-pdf.serveftp.com
downloads-pdf.serveftp.com
open-pdf.serveftp.com
opens-pdf.serveftp.com
pdf-download.serveftp.com

# Reference: https://www.virustotal.com/gui/ip-address/45.59.125.173/relations

boobasword.ru
71each.estaca.ru
5yzfd55omduc90tzmtm.boobasword.ru
ta9fiuhuukuaxd1kz.boobasword.ru
w7p8ok4qtejn0co5s5mqghke1p.boobasword.ru

# Generic

/1-/courageous/courageous.69alf
/1-/courageous/
/1-ПК/courageous/courageous.69alf
/1-ПК/courageous/
/27.12_otck/days.rtf
/6BNOTE/loyalty/bikes/endanger.drf
/6BNOTE/loyalty/bikes/
/6BNOTE/loyalty/
/ADMIN-%D0%9F%D0%9A/alternate.kdc
/AKADEMIK1211/clasped/globe/printing.61itdb
/AKADEMIK1211/clasped/globe/
/AKADEMIK1211/clasped/
/BUDGET/stoppage56/rejoice/already.mkv
/BUDGET/stoppage56/rejoice/
/BUDGET/stoppage56/
/DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/alluded.xaf
/DESKTOP-0N5LDB0/altogether/alluded/allows/alluded/
/DESKTOP-0N5LDB0/altogether/alluded/allows/
/DESKTOP-0N5LDB0/altogether/alluded/
/DESKTOP-0N5LDB0/altogether/
/DESKTOP-2078JBK/beyond/fancied.58shp
/DESKTOP-2078JBK/beyond/
/DESKTOP-33TA5GP/nearly/courageous.dot
/DESKTOP-33TA5GP/nearly/
/DESKTOP-3VASB0N/falcon/family.n64
/DESKTOP-3VASB0N/falcon/
/DESKTOP-90A1T3D/regular.83glf
/DESKTOP-DA2TU05/alloy.3da
/DESKTOP-DA2TU05/negative66/intense/allocation.adp
/DESKTOP-DA2TU05/negative66/intense/
/DESKTOP-DA2TU05/negative66/
/DESKTOP-DPHL39L/pretence/among/beverley/perform.m3d
/DESKTOP-DPHL39L/pretence/among/beverley/
/DESKTOP-DPHL39L/pretence/among/
/DESKTOP-DPHL39L/pretence/
/DESKTOP-F8IR7J0/relation/prevailed/intercept/ambitious/relation.98v12
/DESKTOP-F8IR7J0/relation/prevailed/intercept/ambitious/
/DESKTOP-F8IR7J0/relation/prevailed/intercept/
/DESKTOP-F8IR7J0/relation/prevailed/
/DESKTOP-F8IR7J0/relation/
/DESKTOP-J6T8PGG/sally/sounds/familiar/courageous.70xmf
/DESKTOP-J6T8PGG/sally/sounds/familiar/
/DESKTOP-J6T8PGG/sally/sounds/
/DESKTOP-J6T8PGG/sally/
/DESKTOP-JRQI4FJ/family/necessarily.18wet
/DESKTOP-JRQI4FJ/family/
/DESKTOP-KG04KH8/luck/luck/luck/relay.83ora
/DESKTOP-KG04KH8/luck/luck/luck/
/DESKTOP-KG04KH8/luck/luck/
/DESKTOP-KG04KH8/luck/
/DESKTOP-LQFDA6Q/soup/counter/soup/necklace.81tme
/DESKTOP-LQFDA6Q/soup/counter/soup/
/DESKTOP-LQFDA6Q/soup/counter/
/DESKTOP-LQFDA6Q/soup/
/DESKTOP-M8O7T07/prick.nff
/DESKTOP-MBKQD7C/naughty/intercept/intercept.26trc
/DESKTOP-MBKQD7C/naughty/intercept/
/DESKTOP-MBKQD7C/naughty/
/DESKTOP-T0FMFN4/principal83/principal/lunch.kdc
/DESKTOP-T0FMFN4/principal83/principal/
/DESKTOP-T0FMFN4/principal83/
/DESKTOP-TUO2VFP/sand.adm
/DESKTOP-UP2C19G/sally/previous/goal/registry.b3d
/DESKTOP-UP2C19G/sally/previous/goal/
/DESKTOP-UP2C19G/sally/previous/
/DESKTOP-UP2C19G/sally/
/DESKTOP-UVHG99D/percy.46rra
/DRS-PC-414-005/regions.dot
/GOLOVKOCOMPUTER/already/end/bikes/end/end.26gwi
/GOLOVKOCOMPUTER/already/end/bikes/end/
/GOLOVKOCOMPUTER/already/end/bikes/
/GOLOVKOCOMPUTER/already/end/
/GOLOVKOCOMPUTER/already/
/HOME/price68/famine/lover.mdf
/HOME/price68/famine/
/HOME/price68/
/HOME-PC/goal/interdependent/loyalty/loyalty.abr
/HOME-PC/goal/interdependent/loyalty/
/HOME-PC/goal/interdependent/
/HOME-PC/goal/
/HOME-PC/registry/amiable/prick/sorry.83glf
/HOME-PC/registry/amiable/prick/
/HOME-PC/registry/amiable/
/HOME-PC/registry/
/HOME-PC/registry/sorry/amiable/amiable/amiable.83glf
/HOME-PC/registry/sorry/amiable/amiable/
/HOME-PC/registry/sorry/amiable/
/HOME-PC/registry/sorry/
/INV7/ally/ally.88wmdb
/KASA/bicycle.dbx
/KI12-463958/perceived/soup/intention/intention/soup.qc
/KI12-463958/perceived/soup/intention/intention/
/KI12-463958/perceived/soup/intention/
/KI12-463958/perceived/soup/
/KI12-463958/perceived/
/LAPTOP-ATFIHP9Q/alternate.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/previous.sis
/LAPTOP-ATFIHP9Q/alternate/penholder/
/LAPTOP-ATFIHP9Q/alternate/
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/alternate.sis
/LAPTOP-ATFIHP9Q/previous/penholder/penholder/
/LAPTOP-ATFIHP9Q/previous/penholder/
/LAPTOP-ATFIHP9Q/previous/
/LILA/between/shoe/ambitious/shoe/principle.21accdr
/LILA/between/shoe/ambitious/shoe/
/LILA/between/shoe/ambitious/
/LILA/between/shoe/
/MASTER-/negative78/claimed/soul.tri
/MASTER-/negative78/claimed/
/MASTER-/negative78/
/OHORONAPRAVLYUD/relay/perfection/classroom.sky
/OHORONAPRAVLYUD/relay/perfection/
/OHORONAPRAVLYUD/relay/
/PC/already/already/relate/all.thl
/PC/already/already/relate/
/PC/amazed/nearby/already.cgm
/PC/amazed/nearby/
/PC-POLICE-2/classes/percent/luke/classes.drf
/PC-POLICE-2/classes/percent/luke/
/PC-POLICE-2/classes/percent/
/PC-POLICE-2/classes/
/PROBOOK4540/bewail/bewail/sorry/bewail/cough.fcp
/PROBOOK4540/bewail/bewail/sorry/bewail/
/PROBOOK4540/bewail/bewail/sorry/
/PROBOOK4540/bewail/bewail/
/PROBOOK4540/bewail/
/R331-1/ambition/interesting/enforce.26die
/R331-1/ambition/interesting/
/R331-1/ambition/
/TENDER-2-4/ammunition63/ammonia/counteract.config
/TENDER-2-4/ammunition63/ammonia/
/TENDER-2-4/ammunition63/
/USER-PC/allowance/percent/soul.77meb
/USER-PC/allowance/percent/
/USER-PC/allowance/
/USER-PC/could/all/glowing.20mbx
/USER-PC/could/all/
/USER-PC/prey/allowance.90meb
/USER-PC/prey/percent/soul/prey/percent.7meb
/USER-PC/prey/percent/soul/prey/
/USER-PC/prey/percent/soul/
/USER-PC/prey/percent/
/USER-PC/soul/percent.76meb
/USER-PC/sally.64mbx
/WIN-2FQ3QUC3P4D/pepper/enemies/relations.dot
/WIN-2FQ3QUC3P4D/pepper/enemies/
/WIN-2FQ3QUC3P4D/pepper/
/WIN-GCG74JBEN0B/amber.dot
/WIN-NKDT573S45D/needlework.vp
/WIN-PJMU2R174AA/naughty/stool/luckily.89jas
/WIN-PJMU2R174AA/naughty/stool/
/WIN-PJMU2R174AA/naughty/
/ДЕЛОВОД-ПК/lover.dot
/ЮЛЯ-ПК/alongside/needle/needle.fbx
/ЮЛЯ-ПК/alongside/needle/
/ЮЛЯ-ПК/alongside/
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/needle.fbx
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/needle/
/%D0%AE%D0%9B%D0%AF-%D0%9F%D0%9A/alongside/
/alongside/needle/
